ThreatFox IOCs for 2023-03-06

Medium
Published: Mon Mar 06 2023 (03/06/2023, 00:00:00 UTC)
Source: ThreatFox MISP Feed

Description

ThreatFox IOCs for 2023-03-06

AI-Powered Analysis

Last updated: 07/05/2025, 22:57:08 UTC

Technical Analysis

This entry is a set of Indicators of Compromise (IOCs) published on March 6, 2023, taken from the ThreatFox MISP feed. ThreatFox is an open-source threat intelligence platform that aggregates and shares IOCs related to malware and other cyber threats. The data is categorized under 'malware' and 'osint' (open-source intelligence), with tags indicating network activity and payload delivery. The entry itself carries minimal context: no affected products or versions and no technical exploit details are given. There are no known exploits in the wild, no patches available, and no CWE (Common Weakness Enumeration) identifiers listed. The threat level is indicated as medium, with a threatLevel score of 2 (on an unspecified scale), an analysis score of 1, and a distribution score of 3, suggesting moderate dissemination of the IOCs. Without further technical detail, the exact nature of the malware or its attack vectors cannot be analyzed from this entry alone. In short, this is a routine update or collection of threat intelligence data rather than a detailed report of a novel or actively exploited security vulnerability.

Potential Impact

Given the lack of specific technical details, affected systems, or known exploits, the direct impact of this threat on European organizations is difficult to quantify. The medium severity rating and the nature of the data as OSINT IOCs mean these indicators are primarily useful to security teams for detecting or preventing malware infections and network intrusions. If the IOCs correspond to emerging malware campaigns or payload delivery mechanisms, organizations that fail to incorporate them into their detection systems could face data breaches, service disruptions, or unauthorized access. Without concrete evidence of active exploitation or targeted attacks, however, the immediate risk remains moderate. The main impact is on an organization's ability to maintain situational awareness and strengthen its threat detection capabilities.

Mitigation Recommendations

To effectively mitigate risks associated with this threat intelligence update, European organizations should:

1) Integrate the provided IOCs from ThreatFox into their Security Information and Event Management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection of related malware or network activity.
2) Regularly update threat intelligence feeds and ensure automated ingestion of OSINT data to maintain up-to-date defenses.
3) Conduct proactive network monitoring focusing on unusual payload delivery patterns or suspicious network activity that aligns with the indicators.
4) Train security analysts to interpret and act on OSINT-derived IOCs, emphasizing correlation with internal logs and alerts.
5) Maintain robust incident response plans that can quickly leverage new threat intelligence to contain potential infections.

Since no patches or specific vulnerabilities are identified, focus should be on detection and response rather than remediation of a software flaw.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
ffb26c5c-b2fb-4f65-bdd0-86717bac2102
Original Timestamp
1678147383

Indicators of Compromise


Threat ID: 68359c995d5f0974d01e01bb

Added to database: 5/27/2025, 11:06:01 AM

Last enriched: 7/5/2025, 10:57:08 PM

Last updated: 8/15/2025, 9:29:41 AM
