ThreatFox IOCs for 2023-01-23
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on January 23, 2023, by ThreatFox, a MISP (Malware Information Sharing Platform) feed focused on sharing threat intelligence. The threat is categorized as malware-related, specifically involving OSINT (Open Source Intelligence), network activity, and payload delivery. However, the details are sparse: no specific affected software versions are listed, no known exploits in the wild are reported, and no patches are available. The threat level is indicated as 2 on an unspecified scale, with moderate distribution (3) and minimal analysis (1), suggesting limited detailed technical information is currently available. The absence of concrete technical indicators, such as malware signatures, attack vectors, or vulnerabilities, limits the ability to fully characterize the threat. The classification under OSINT and network activity implies that the threat may involve reconnaissance or delivery mechanisms leveraging publicly available information or network-based payload distribution. Given the lack of specific CWE identifiers or exploit details, this appears to be an early-stage or low-profile malware campaign or intelligence gathering effort rather than an active, widespread exploit. The TLP (Traffic Light Protocol) classification as white indicates the information is intended for public sharing without restriction.
Potential Impact
For European organizations, the impact of this threat is currently assessed as limited due to the lack of detailed exploit information and absence of known active exploitation. However, the presence of payload delivery and network activity components suggests potential risks related to malware infection, data exfiltration, or lateral movement within networks if the threat actors succeed in deploying malicious payloads. Organizations relying on OSINT tools or network services could be targeted for reconnaissance or initial compromise. The medium severity rating implies a moderate risk level, potentially affecting confidentiality and integrity if exploited, but without immediate evidence of availability impact or widespread disruption. European entities with critical infrastructure or sensitive data could face increased risk if this threat evolves or is leveraged in targeted campaigns. The lack of patches or mitigation details further complicates proactive defense, underscoring the need for vigilance and monitoring.
Mitigation Recommendations
Given the limited technical details, European organizations should focus on enhancing network monitoring and threat intelligence integration to detect any indicators related to this threat as they emerge. Specific recommendations include:
1) Implement advanced network traffic analysis to identify unusual payload delivery attempts or reconnaissance activities;
2) Integrate ThreatFox and other MISP feeds into existing SIEM and SOAR platforms to automate IOC ingestion and alerting;
3) Conduct regular OSINT tool and network service audits to ensure minimal exposure and hardened configurations;
4) Employ endpoint detection and response (EDR) solutions capable of identifying suspicious payload execution;
5) Educate security teams on emerging OSINT-related threats and encourage information sharing within European cybersecurity communities;
6) Maintain updated incident response plans to rapidly address potential infections or breaches linked to this threat.
These steps go beyond generic advice by emphasizing proactive intelligence-driven detection and operational readiness tailored to the threat's characteristics.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: fbc4818b-0b8a-4d17-954d-cd39f11ff688
- Original Timestamp: 1674518584
Indicators of Compromise
File
Value | Description | Copy |
---|---|---|
file119.29.82.40 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file3.136.65.236 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.129.187.220 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.133.207.110 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.131.147.49 | NjRAT botnet C2 server (confidence level: 100%) | |
file37.44.238.144 | Mirai botnet C2 server (confidence level: 75%) | |
file62.204.41.242 | Amadey botnet C2 server (confidence level: 50%) | |
file66.112.219.122 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file44.201.225.29 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.12.253.139 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file212.193.30.230 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file45.9.74.6 | Raccoon botnet C2 server (confidence level: 100%) | |
file45.15.156.239 | Raccoon botnet C2 server (confidence level: 100%) | |
file45.15.156.251 | Raccoon botnet C2 server (confidence level: 100%) | |
file45.90.59.19 | Raccoon botnet C2 server (confidence level: 100%) | |
file46.151.31.216 | Raccoon botnet C2 server (confidence level: 100%) | |
file77.73.134.81 | Raccoon botnet C2 server (confidence level: 100%) | |
file77.73.134.82 | Raccoon botnet C2 server (confidence level: 100%) | |
file77.91.78.44 | Raccoon botnet C2 server (confidence level: 100%) | |
file77.91.78.69 | Raccoon botnet C2 server (confidence level: 100%) | |
file77.91.124.79 | Raccoon botnet C2 server (confidence level: 100%) | |
file78.153.130.127 | Raccoon botnet C2 server (confidence level: 100%) | |
file80.85.139.245 | Raccoon botnet C2 server (confidence level: 100%) | |
file83.217.11.19 | Raccoon botnet C2 server (confidence level: 100%) | |
file83.217.11.20 | Raccoon botnet C2 server (confidence level: 100%) | |
file83.217.11.22 | Raccoon botnet C2 server (confidence level: 100%) | |
file83.217.11.23 | Raccoon botnet C2 server (confidence level: 100%) | |
file84.32.190.128 | Raccoon botnet C2 server (confidence level: 100%) | |
file84.247.51.113 | Raccoon botnet C2 server (confidence level: 100%) | |
file85.192.63.161 | Raccoon botnet C2 server (confidence level: 100%) | |
file86.105.18.13 | Raccoon botnet C2 server (confidence level: 100%) | |
file88.119.161.37 | Raccoon botnet C2 server (confidence level: 100%) | |
file88.119.175.232 | Raccoon botnet C2 server (confidence level: 100%) | |
file89.44.9.71 | Raccoon botnet C2 server (confidence level: 100%) | |
file91.107.180.190 | Raccoon botnet C2 server (confidence level: 100%) | |
file142.132.167.230 | Raccoon botnet C2 server (confidence level: 100%) | |
file146.70.100.89 | Raccoon botnet C2 server (confidence level: 100%) | |
file147.78.47.232 | Raccoon botnet C2 server (confidence level: 100%) | |
file172.86.75.81 | Raccoon botnet C2 server (confidence level: 100%) | |
file185.173.34.73 | Raccoon botnet C2 server (confidence level: 100%) | |
file185.173.34.208 | Raccoon botnet C2 server (confidence level: 100%) | |
file185.225.73.102 | Raccoon botnet C2 server (confidence level: 100%) | |
file185.246.220.203 | Raccoon botnet C2 server (confidence level: 100%) | |
file185.253.96.110 | Raccoon botnet C2 server (confidence level: 100%) | |
file188.119.113.237 | Raccoon botnet C2 server (confidence level: 100%) | |
file193.149.185.13 | Raccoon botnet C2 server (confidence level: 100%) | |
file193.149.187.53 | Raccoon botnet C2 server (confidence level: 100%) | |
file194.5.177.193 | Raccoon botnet C2 server (confidence level: 100%) | |
file194.87.199.101 | Raccoon botnet C2 server (confidence level: 100%) | |
file195.123.241.57 | Raccoon botnet C2 server (confidence level: 100%) | |
file45.128.234.198 | Mirai botnet C2 server (confidence level: 75%) | |
file45.15.156.175 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.15.156.224 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.15.156.234 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.15.156.242 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.15.156.246 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.15.156.249 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.15.156.250 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.61.139.86 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file45.151.144.19 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file65.109.216.5 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file77.91.124.12 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file95.215.108.15 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file95.217.235.8 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file135.181.107.76 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file193.188.23.177 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file212.192.31.29 | Aurora Stealer botnet C2 server (confidence level: 100%) | |
file5.75.168.236 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file62.233.51.121 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file62.233.51.122 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file144.76.33.241 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file179.43.187.197 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file179.43.187.201 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file179.43.187.217 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file193.37.70.80 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file194.180.48.19 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file91.231.84.41 | Remcos botnet C2 server (confidence level: 100%) | |
file10.5.175.21 | Remcos botnet C2 server (confidence level: 75%) | |
file142.202.242.197 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file194.226.121.225 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file208.85.21.88 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file3.133.207.110 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.1.208.125 | Unknown malware botnet C2 server (confidence level: 75%) | |
file46.8.210.28 | ISFB payload delivery server (confidence level: 75%) | |
file62.173.138.24 | ISFB payload delivery server (confidence level: 75%) | |
file193.0.178.235 | ISFB botnet C2 server (confidence level: 75%) | |
file62.173.149.10 | ISFB botnet C2 server (confidence level: 75%) | |
file31.41.44.27 | ISFB botnet C2 server (confidence level: 75%) | |
file62.173.149.123 | ISFB botnet C2 server (confidence level: 75%) | |
file62.173.145.119 | ISFB botnet C2 server (confidence level: 75%) | |
file31.41.44.185 | ISFB botnet C2 server (confidence level: 75%) | |
file31.41.44.184 | ISFB botnet C2 server (confidence level: 75%) | |
file193.233.175.18 | ISFB botnet C2 server (confidence level: 75%) | |
file194.116.162.13 | ISFB botnet C2 server (confidence level: 75%) | |
file46.8.19.215 | ISFB botnet C2 server (confidence level: 75%) | |
file46.8.210.177 | ISFB botnet C2 server (confidence level: 75%) | |
file62.173.139.250 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.139.105.174 | Remcos botnet C2 server (confidence level: 75%) | |
file3.133.207.110 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.129.187.220 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.131.147.49 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.136.65.236 | NjRAT botnet C2 server (confidence level: 100%) | |
file46.8.210.26 | ISFB payload delivery server (confidence level: 75%) | |
file46.8.210.29 | ISFB payload delivery server (confidence level: 75%) | |
file62.173.140.128 | ISFB payload delivery server (confidence level: 75%) | |
file62.173.140.192 | ISFB payload delivery server (confidence level: 75%) | |
file185.31.160.229 | ISFB payload delivery server (confidence level: 75%) | |
file193.233.175.99 | ISFB payload delivery server (confidence level: 75%) | |
file193.0.178.237 | ISFB payload delivery server (confidence level: 75%) | |
file194.116.162.14 | ISFB payload delivery server (confidence level: 75%) | |
file184.75.223.235 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file185.252.178.121 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file18.197.239.109 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.69.115.178 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.69.157.220 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.66.38.117 | NjRAT botnet C2 server (confidence level: 100%) | |
file49.232.21.201 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file91.215.85.196 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file62.233.51.173 | Amadey botnet C2 server (confidence level: 50%) | |
file45.15.156.246 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file45.15.156.234 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file45.15.156.175 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file193.188.23.177 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file135.181.107.76 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file95.217.235.8 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file95.215.108.15 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file45.61.139.86 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file62.204.41.88 | Amadey botnet C2 server (confidence level: 50%) | |
file172.104.244.136 | Bashlite botnet C2 server (confidence level: 75%) | |
file136.36.83.93 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file31.192.232.48 | Remcos botnet C2 server (confidence level: 75%) | |
file3.17.7.232 | NjRAT botnet C2 server (confidence level: 100%) | |
file5.75.149.127 | Vidar botnet C2 server (confidence level: 100%) | |
file37.44.238.144 | Mirai botnet C2 server (confidence level: 75%) | |
file3.134.39.220 | NjRAT botnet C2 server (confidence level: 100%) | |
file185.225.74.148 | Remcos botnet C2 server (confidence level: 75%) | |
file154.12.234.207 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file91.192.100.5 | Ave Maria botnet C2 server (confidence level: 100%) | |
file194.180.49.225 | STRRAT botnet C2 server (confidence level: 100%) | |
file154.12.234.207 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.137.22.77 | Remcos botnet C2 server (confidence level: 100%) | |
file90.156.230.53 | Ficker Stealer botnet C2 server (confidence level: 100%) | |
file65.109.210.114 | Vidar botnet C2 server (confidence level: 100%) | |
file62.204.41.24 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file62.204.41.175 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file198.98.51.250 | BumbleBee botnet C2 server (confidence level: 75%) | |
file194.15.112.63 | Unknown malware botnet C2 server (confidence level: 75%) | |
file164.92.67.126 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.151.144.19 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file45.15.156.250 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file45.15.156.249 | Aurora Stealer botnet C2 server (confidence level: 50%) | |
file77.83.242.206 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file37.220.31.17 | BianLian botnet C2 server (confidence level: 50%) | |
file37.220.31.17 | BianLian botnet C2 server (confidence level: 50%) | |
file37.220.31.17 | BianLian botnet C2 server (confidence level: 50%) | |
file44.212.9.14 | BianLian botnet C2 server (confidence level: 50%) | |
file144.217.36.75 | BianLian botnet C2 server (confidence level: 50%) | |
file149.154.158.56 | BianLian botnet C2 server (confidence level: 50%) | |
file65.109.139.121 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file91.215.85.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.43.175.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file137.220.135.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file5.255.107.149 | IcedID botnet C2 server (confidence level: 75%) | |
file137.220.135.200 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file20.4.6.16 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file18.197.239.109 | NjRAT botnet C2 server (confidence level: 100%) | |
file116.108.48.70 | AsyncRAT botnet C2 server (confidence level: 100%) |
Hash
Value | Description |
---|---|
8053 | Cobalt Strike botnet C2 server (confidence level: 75%) |
13705 | NjRAT botnet C2 server (confidence level: 100%) |
13705 | NjRAT botnet C2 server (confidence level: 100%) |
13705 | NjRAT botnet C2 server (confidence level: 100%) |
13705 | NjRAT botnet C2 server (confidence level: 100%) |
1302 | Mirai botnet C2 server (confidence level: 75%) |
80 | Amadey botnet C2 server (confidence level: 50%) |
14443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
60705 | Nanocore RAT botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
80 | Raccoon botnet C2 server (confidence level: 100%) |
6888 | Mirai botnet C2 server (confidence level: 75%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
8081 | Aurora Stealer botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
52651 | Remcos botnet C2 server (confidence level: 100%) |
52651 | Remcos botnet C2 server (confidence level: 75%) |
35704 | RedLine Stealer botnet C2 server (confidence level: 100%) |
12286 | RedLine Stealer botnet C2 server (confidence level: 100%) |
45110 | RedLine Stealer botnet C2 server (confidence level: 100%) |
43723dfa8e7a99421cb5d50cf28c86a5 | Agent Tesla payload (confidence level: 50%) |
13961 | NjRAT botnet C2 server (confidence level: 100%) |
8ee1e415d1d3db2d58b5929ef9068408a3041a870a6115c3f62794aec88d5687 | Unknown malware payload (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
80 | ISFB botnet C2 server (confidence level: 75%) |
80 | ISFB botnet C2 server (confidence level: 75%) |
80 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
443 | ISFB botnet C2 server (confidence level: 75%) |
30266 | RedLine Stealer botnet C2 server (confidence level: 100%) |
6320 | Remcos botnet C2 server (confidence level: 75%) |
18766 | NjRAT botnet C2 server (confidence level: 100%) |
18766 | NjRAT botnet C2 server (confidence level: 100%) |
18766 | NjRAT botnet C2 server (confidence level: 100%) |
18766 | NjRAT botnet C2 server (confidence level: 100%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
445 | ISFB payload delivery server (confidence level: 75%) |
3847 | Nanocore RAT botnet C2 server (confidence level: 100%) |
6126 | AsyncRAT botnet C2 server (confidence level: 100%) |
10146 | NjRAT botnet C2 server (confidence level: 100%) |
10146 | NjRAT botnet C2 server (confidence level: 100%) |
10146 | NjRAT botnet C2 server (confidence level: 100%) |
10146 | NjRAT botnet C2 server (confidence level: 100%) |
9091 | Cobalt Strike botnet C2 server (confidence level: 75%) |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
80 | Amadey botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Amadey botnet C2 server (confidence level: 50%) |
23 | Bashlite botnet C2 server (confidence level: 75%) |
8888 | AsyncRAT botnet C2 server (confidence level: 75%) |
1991 | Remcos botnet C2 server (confidence level: 75%) |
13186 | NjRAT botnet C2 server (confidence level: 100%) |
80 | Vidar botnet C2 server (confidence level: 100%) |
60195 | Mirai botnet C2 server (confidence level: 75%) |
13186 | NjRAT botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 75%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
20391 | Ave Maria botnet C2 server (confidence level: 100%) |
1780 | STRRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
8780 | Remcos botnet C2 server (confidence level: 100%) |
8080 | Ficker Stealer botnet C2 server (confidence level: 100%) |
9f30f4572aabbaf043659e43faa646619d525947b5ac7142106edf4e9a41136a | Emotet payload (confidence level: 75%) |
80 | Vidar botnet C2 server (confidence level: 100%) |
9fcc0a561c8f144be6a6988185befd05 | Unknown malware payload (confidence level: 50%) |
1994fa4183b160cfb8931100f218b331 | Unknown malware payload (confidence level: 100%) |
801b0800b59e45135865c2c96257399e | Unknown malware payload (confidence level: 100%) |
ebf7728724651e00053e83e4cadf4885 | Unknown malware payload (confidence level: 100%) |
44076 | RedLine Stealer botnet C2 server (confidence level: 100%) |
44271 | RedLine Stealer botnet C2 server (confidence level: 100%) |
443 | BumbleBee botnet C2 server (confidence level: 75%) |
443 | Unknown malware botnet C2 server (confidence level: 75%) |
17044 | RedLine Stealer botnet C2 server (confidence level: 100%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
80 | Aurora Stealer botnet C2 server (confidence level: 50%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
443 | BianLian botnet C2 server (confidence level: 50%) |
2095 | BianLian botnet C2 server (confidence level: 50%) |
8443 | BianLian botnet C2 server (confidence level: 50%) |
8443 | BianLian botnet C2 server (confidence level: 50%) |
10011 | BianLian botnet C2 server (confidence level: 50%) |
3190 | BianLian botnet C2 server (confidence level: 50%) |
28859 | RedLine Stealer botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
6789 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | IcedID botnet C2 server (confidence level: 75%) |
6789 | Cobalt Strike botnet C2 server (confidence level: 100%) |
43521 | AsyncRAT botnet C2 server (confidence level: 100%) |
11548 | NjRAT botnet C2 server (confidence level: 100%) |
374 | AsyncRAT botnet C2 server (confidence level: 100%) |
Url
Value | Description |
---|---|
http://3.92.113.197:8082/hubcap/mayo-clinic-radio-full-shows/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://3.92.113.197:8084/discussion/mayo-clinic-radio-als/ | Cobalt Strike botnet C2 (confidence level: 100%) |
https://8.214.108.207:14443/activity | Cobalt Strike botnet C2 (confidence level: 100%) |
http://208.67.105.87:12338/match | Cobalt Strike botnet C2 (confidence level: 100%) |
https://44.201.225.29/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
https://45.12.253.139/favicon.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://62.233.51.173/jb9szzzbv7/login.php | Amadey botnet C2 (confidence level: 100%) |
http://62.233.51.173/jb9szzzbv7/index.php?scr=1 | Amadey botnet C2 (confidence level: 100%) |
http://62.233.51.173/jb9szzzbv7/index.php | Amadey botnet C2 (confidence level: 100%) |
http://62.233.51.173/jb9szzzbv7/plugins/cred64.dll | Amadey botnet C2 (confidence level: 100%) |
http://62.233.51.173/jb9szzzbv7/plugins/clip64.dll | Amadey botnet C2 (confidence level: 100%) |
http://45.15.156.175/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://45.15.156.234/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://45.15.156.246/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://45.15.156.250/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://45.61.139.86/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://45.151.144.19/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://95.215.108.15/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://95.217.235.8/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://135.181.107.76/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://193.188.23.177/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://212.192.31.29/auth | Aurora Stealer botnet C2 (confidence level: 100%) |
http://65.109.208.142/851 | Vidar botnet C2 (confidence level: 100%) |
http://65.109.208.142/580 | Vidar botnet C2 (confidence level: 100%) |
http://65.109.208.142/237 | Vidar botnet C2 (confidence level: 100%) |
http://65.109.208.142/701 | Vidar botnet C2 (confidence level: 100%) |
http://65.109.208.142/19 | Vidar botnet C2 (confidence level: 100%) |
http://195.201.251.109/701 | Vidar botnet C2 (confidence level: 100%) |
http://65.109.208.140/20 | Vidar botnet C2 (confidence level: 100%) |
http://116.202.0.132/784 | Vidar botnet C2 (confidence level: 100%) |
http://142.132.228.93/ | Arkei Stealer botnet C2 (confidence level: 100%) |
http://62.204.41.88/9vdvvvjsw/index.php | Amadey botnet C2 (confidence level: 100%) |
http://194.67.87.32/securetrafficdatalife.php | DCRat botnet C2 (confidence level: 100%) |
http://193.0.178.235/drew/ | ISFB botnet C2 (confidence level: 100%) |
http://62.173.149.10/drew/ | ISFB botnet C2 (confidence level: 100%) |
http://31.41.44.27/drew/ | ISFB botnet C2 (confidence level: 100%) |
http://35.88.90.115/dz | Cobalt Strike botnet C2 (confidence level: 100%) |
https://goupdatemic.online:8888/c/msdownload/update/others/2020/10/29136388_ | Cobalt Strike botnet C2 (confidence level: 100%) |
https://77.73.134.51:8888/c/msdownload/update/others/2020/10/29136388_ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://neverchurka.ml/linemultiflower.php | DCRat botnet C2 (confidence level: 100%) |
https://drgb74ojbgxg7.cloudfront.net/ku | Cobalt Strike botnet C2 (confidence level: 100%) |
http://18.117.193.148//receive.php | BlackNET RAT botnet C2 (confidence level: 100%) |
http://185.225.74.69/mad/inc/1c468152070648.php | Agent Tesla botnet C2 (confidence level: 100%) |
http://65.109.210.114/ | Arkei Stealer botnet C2 (confidence level: 100%) |
https://t.me/litlebey | Vidar botnet C2 (confidence level: 100%) |
http://5.75.149.127/ | Vidar botnet C2 (confidence level: 100%) |
http://89.185.84.43/20.01/pl/lot.djvu | Unknown malware botnet C2 (confidence level: 100%) |
http://195.201.251.109/15 | Vidar botnet C2 (confidence level: 100%) |
http://195.201.251.109/682 | Vidar botnet C2 (confidence level: 100%) |
http://65.109.208.142/862 | Vidar botnet C2 (confidence level: 100%) |
http://65.21.58.6/784 | Vidar botnet C2 (confidence level: 100%) |
http://frun.digital/letsgo.php | Unknown malware botnet C2 (confidence level: 100%) |
http://83.217.11.23/ | RecordBreaker botnet C2 (confidence level: 100%) |
http://88.119.175.149:9999/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
https://vd-ntds.com/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://konactoratec.xyz/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://137.220.135.199:6789/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
https://208.67.105.87:13443/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://vd-ntds.com/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) |
Domain
Value | Description |
---|---|
gfduytsdf.shop | Unknown malware botnet C2 domain (confidence level: 100%) |
log.gfduytsdf.shop | Unknown malware botnet C2 domain (confidence level: 100%) |
tibloautonef.com | IcedID botnet C2 domain (confidence level: 50%) |
nomaeradiur.com | IcedID botnet C2 domain (confidence level: 50%) |
trotimera.com | IcedID botnet C2 domain (confidence level: 50%) |
swordnifhing.com | IcedID botnet C2 domain (confidence level: 50%) |
trustopaj.com | IcedID botnet C2 domain (confidence level: 50%) |
ulrtonemio.com | IcedID botnet C2 domain (confidence level: 50%) |
rolewzullo.com | IcedID botnet C2 domain (confidence level: 50%) |
trastbaki.com | IcedID botnet C2 domain (confidence level: 50%) |
iskopila.com | IcedID botnet C2 domain (confidence level: 50%) |
scanproluet.com | IcedID botnet C2 domain (confidence level: 50%) |
spotifrezise.com | IcedID botnet C2 domain (confidence level: 50%) |
drgb74ojbgxg7.cloudfront.net | Cobalt Strike botnet C2 domain (confidence level: 100%) |
wwwirsforms-com.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
libre-offlce.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
adobecom.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
www-adobe-com.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
microsoft-teamscom.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
wwwteamviewercom.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
www-discord-com.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
www-irs-form.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
www-onenote-com.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
wwwslackcom.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
wwwanydesk-com.top | IcedID Downloader payload delivery domain (confidence level: 100%) |
frun.digital | Unknown malware botnet C2 domain (confidence level: 100%) |
jcdruzgqg.buzz | Astaroth botnet C2 domain (confidence level: 100%) |
mdjisnele.best | Astaroth botnet C2 domain (confidence level: 100%) |
pwlzcblyl.icu | Astaroth botnet C2 domain (confidence level: 100%) |
tesfwjcun.shop | Astaroth botnet C2 domain (confidence level: 100%) |
zeoccodxa.click | Astaroth botnet C2 domain (confidence level: 100%) |
bustlingservidor.one | Astaroth payload delivery domain (confidence level: 100%) |
chevalprovedores.one | Astaroth payload delivery domain (confidence level: 100%) |
cloisteredkona.one | Astaroth payload delivery domain (confidence level: 100%) |
faoprovedores.one | Astaroth payload delivery domain (confidence level: 100%) |
harmoniousutter.one | Astaroth payload delivery domain (confidence level: 100%) |
jazzysmartie.one | Astaroth payload delivery domain (confidence level: 100%) |
liaresolute.one | Astaroth payload delivery domain (confidence level: 100%) |
nondescriptresolute.one | Astaroth payload delivery domain (confidence level: 100%) |
provedoresdesu.one | Astaroth payload delivery domain (confidence level: 100%) |
resolutelitz.one | Astaroth payload delivery domain (confidence level: 100%) |
thedebonairutter.one | Astaroth payload delivery domain (confidence level: 100%) |
utterpya.one | Astaroth payload delivery domain (confidence level: 100%) |
uttproeser.one | Astaroth payload delivery domain (confidence level: 100%) |
vd-ntds.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
konactoratec.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%) |
Threat ID: 68359c9d5d5f0974d01f65bc
Added to database: 5/27/2025, 11:06:05 AM
Last enriched: 7/5/2025, 11:12:27 PM
Last updated: 8/13/2025, 6:23:03 PM