
ThreatFox IOCs for 2023-03-06

Severity: Medium
Published: Mon Mar 06 2023 (03/06/2023, 00:00:00 UTC)
Source: MISP

Description

ThreatFox IOCs for 2023-03-06

AI-Powered Analysis

AI analysis last updated: 07/03/2025, 06:55:42 UTC

Technical Analysis

This entry is a set of Indicators of Compromise (IOCs) published on 2023-03-06 via ThreatFox, a platform that aggregates threat intelligence data. The accompanying metadata is minimal: it names no particular vulnerability, malware family, or attack technique, the threat type is marked as 'unknown', and no affected software versions are listed. The severity is noted as 'medium', but this appears to be a general classification rather than one derived from exploitability or impact data. The MISP threat level, analysis, and distribution values are low to moderate (threatLevel: 2, analysis: 1, distribution: 3), indicating limited confidence or scope. No known exploits in the wild are reported, and there are no patch links or CWE identifiers. The tags mark this as OSINT (open-source intelligence) data with a TLP (Traffic Light Protocol) white classification, meaning it is publicly shareable. Overall, the event metadata reads as a generic daily IOC publication rather than a detailed threat write-up.

Potential Impact

Given the lack of specific technical details, affected systems, or exploit information in the event metadata, the potential impact on European organizations cannot be concretely assessed. Without known exploits or targeted vulnerabilities, the risk remains theoretical. If these IOCs relate to malware or intrusion campaigns, European entities could be at risk depending on the nature of the threat; however, as no concrete attack vectors or affected products are identified, the immediate impact is minimal. Organizations should remain vigilant, but no direct operational impact is evident from this data alone.

Mitigation Recommendations

Since no specific vulnerabilities or attack methods are described, mitigation should focus on general best practices for handling threat intelligence and IOCs:

1) Integrate IOC feeds like ThreatFox into existing security monitoring tools to detect potential malicious activity.
2) Maintain up-to-date endpoint protection and network defenses to prevent exploitation of unknown threats.
3) Conduct regular threat hunting exercises using available IOCs to identify any signs of compromise.
4) Ensure incident response teams are prepared to analyze and act on new intelligence as it becomes available.
5) Collaborate with information sharing communities to receive timely updates and context on emerging threats.

These steps go beyond generic advice by emphasizing proactive IOC integration and community collaboration.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3

Indicators of Compromise

URL

Value - Description
http://104.193.254.45/bot/regex?key=3682a4b856cc8db9e7c6f4deda4a6fdc2a8f662f4cc34c6d4365d36e3ed0ab52 - LaplasClipper botnet C2 (confidence level: 100%)
http://45.159.189.105/bot/regex?key=3682a4b856cc8db9e7c6f4deda4a6fdc2a8f662f4cc34c6d4365d36e3ed0ab52 - LaplasClipper botnet C2 (confidence level: 100%)
http://68.183.13.128/?page_id=1860 - Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://68.183.13.128/?page_id=4136377 - Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
https://195.189.96.146/pixel.gif - Cobalt Strike botnet C2 (confidence level: 100%)
http://84.54.50.28/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://94.131.112.184/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.132/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.137/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.147/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.151/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.164/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://103.184.97.117/auth - Aurora Stealer botnet C2 (confidence level: 100%)
http://46.151.30.40/dbserver/8packet/cdncdn4datalife/securetodle/flowerlinuxmariadb/uploads/bigload7image/temporarycdn/basegamepipe/game0/testprotonrequestsql/db0mariadb9/7linevideo/vmserverpublic/multilongpolllow/cdndatalifeprovider/dumptestbetter/updateprotect.php - DCRat botnet C2 (confidence level: 100%)
http://45.128.234.216/externalto.php - DCRat botnet C2 (confidence level: 100%)
http://85.31.45.100/329b7da7ac4c3538.php - Stealc botnet C2 (confidence level: 100%)
http://45.90.222.125:7121/is-ready - Houdini botnet C2 (confidence level: 100%)
http://45.91.81.42:8081/cm - Cobalt Strike botnet C2 (confidence level: 100%)
https://service-dydpc1xk-1304560974.gz.apigw.tencentcs.com/api/x - Cobalt Strike botnet C2 (confidence level: 100%)
http://45.91.81.42:8082/load - Cobalt Strike botnet C2 (confidence level: 100%)
http://lahsfr12.top/gate.php - CryptBot botnet C2 (confidence level: 100%)
https://208.67.105.87:13443/push - Cobalt Strike botnet C2 (confidence level: 100%)
http://23.106.215.95/g9qpzle/index.php - Amadey botnet C2 (confidence level: 100%)
https://service-ftyn94bx-1308675124.cd.apigw.tencentcs.com/jquery/2.0.1/jquery.min.js - Cobalt Strike botnet C2 (confidence level: 100%)
http://143.42.120.56:8082/discussion/mayo-clinic-radio-als/ - Cobalt Strike botnet C2 (confidence level: 100%)
https://172.96.237.159:8443/visit.js - Cobalt Strike botnet C2 (confidence level: 100%)
https://176.113.115.44/visit.js - Cobalt Strike botnet C2 (confidence level: 100%)
http://143.42.120.56:47666/category/research-2/ - Cobalt Strike botnet C2 (confidence level: 100%)
https://108.165.178.42/pixel.gif - Cobalt Strike botnet C2 (confidence level: 100%)
http://dyshangcheng.info:8888/cx - Cobalt Strike botnet C2 (confidence level: 100%)
http://101.43.220.96/g.pixel - Cobalt Strike botnet C2 (confidence level: 100%)
http://88.214.27.53:50005/g.pixel - Cobalt Strike botnet C2 (confidence level: 100%)
http://207.148.93.50:8090/__utm.gif - Cobalt Strike botnet C2 (confidence level: 100%)
http://88.214.27.53:50001/cm - Cobalt Strike botnet C2 (confidence level: 100%)
http://108.165.178.42/updates.rss - Cobalt Strike botnet C2 (confidence level: 100%)
https://api.360com.live/_/scs/mail-static/_/js/ - Cobalt Strike botnet C2 (confidence level: 100%)
http://81.68.136.116/ga.js - Cobalt Strike botnet C2 (confidence level: 100%)
http://146.190.116.245/twr1tzi/03/file.dll - QakBot payload delivery URL (confidence level: 100%)
http://134.209.216.163/qi46n1n/03/file.dll - QakBot payload delivery URL (confidence level: 100%)
http://162.243.186.39/snujx/03/file.dll - QakBot payload delivery URL (confidence level: 100%)
http://142.93.250.152/umua6sh/03/file.dll - QakBot payload delivery URL (confidence level: 100%)
http://161.35.58.146/fiu1z/03/file.dll - QakBot payload delivery URL (confidence level: 100%)
http://51.195.166.206/ - RecordBreaker botnet C2 (confidence level: 100%)
http://143.42.120.56:48888/category/research-2/ - Cobalt Strike botnet C2 (confidence level: 100%)
http://88.214.27.53:50006/dot.gif - Cobalt Strike botnet C2 (confidence level: 100%)
http://1.15.120.10/ie9compatviewlist.xml - Cobalt Strike botnet C2 (confidence level: 100%)
http://157.230.128.40/utsm.php - QakBot payload delivery URL (confidence level: 100%)
http://164.92.104.231/tarl.php - QakBot payload delivery URL (confidence level: 100%)
http://143.198.98.187/gie.php - QakBot payload delivery URL (confidence level: 100%)
http://137.184.8.182/la.php - QakBot payload delivery URL (confidence level: 100%)
http://138.197.208.176/se.php - QakBot payload delivery URL (confidence level: 100%)
http://95.217.221.82/ - Vidar botnet C2 (confidence level: 100%)
http://95.217.221.82/photos.zip - Vidar botnet C2 (confidence level: 100%)
https://t.me/nemesisgrow - Vidar botnet C2 (confidence level: 100%)
https://steamcommunity.com/profiles/76561199471222742 - Vidar botnet C2 (confidence level: 100%)
http://116.202.8.130/ - Vidar botnet C2 (confidence level: 100%)
http://116.202.8.130/photos.zip - Vidar botnet C2 (confidence level: 100%)
http://65.109.12.165/ - Vidar botnet C2 (confidence level: 100%)
http://65.109.12.165/photos.zip - Vidar botnet C2 (confidence level: 100%)
http://77.91.78.50/ - RecordBreaker botnet C2 (confidence level: 100%)
http://155.94.135.33:8888/load - Cobalt Strike botnet C2 (confidence level: 100%)
https://94.131.105.174/push - Cobalt Strike botnet C2 (confidence level: 100%)
https://198.23.223.145:4433/match - Cobalt Strike botnet C2 (confidence level: 100%)
https://rlfslie.cloud:4433/match - Cobalt Strike botnet C2 (confidence level: 100%)
http://it2it.tk:8443/pixel.gif - Cobalt Strike botnet C2 (confidence level: 100%)
http://20.222.7.224:1433/fwlink - Cobalt Strike botnet C2 (confidence level: 100%)
http://20.214.176.53:4445/dot.gif - Cobalt Strike botnet C2 (confidence level: 100%)
http://94.142.138.160/ - RecordBreaker botnet C2 (confidence level: 100%)
http://120.79.64.164:9999/audiencemanager.js - Cobalt Strike botnet C2 (confidence level: 100%)
http://47.103.64.64:1111/ie9compatviewlist.xml - Cobalt Strike botnet C2 (confidence level: 100%)
http://123.249.101.92/cm - Cobalt Strike botnet C2 (confidence level: 100%)
http://139.196.47.225:8045/dpixel - Cobalt Strike botnet C2 (confidence level: 100%)
http://218.28.63.34:8037/updates.rss - Cobalt Strike botnet C2 (confidence level: 100%)
http://101.42.38.79:8888/visit.js - Cobalt Strike botnet C2 (confidence level: 100%)
http://120.79.70.83/dpixel - Cobalt Strike botnet C2 (confidence level: 100%)
https://progetecloud.online/c/msdownload/update/others/2020/10/29136388_ - Cobalt Strike botnet C2 (confidence level: 100%)
https://163.123.142.213/c/msdownload/update/others/2020/10/29136388_ - Cobalt Strike botnet C2 (confidence level: 100%)
http://118.195.172.110:8012/owa/ - Cobalt Strike botnet C2 (confidence level: 100%)
https://1.13.82.101:4443/jquery-3.3.2.n2cq4mxdz4nio9xihttp.min.js - Cobalt Strike botnet C2 (confidence level: 100%)
http://101.43.215.118:9090/updates.rss - Cobalt Strike botnet C2 (confidence level: 100%)

IP dst|port

Value - Description
45.8.146.108|19179 - RedLine Stealer botnet C2 server (confidence level: 100%)
8.142.124.166|8443 - Cobalt Strike botnet C2 server (confidence level: 75%)
152.89.196.12|82 - Cobalt Strike botnet C2 server (confidence level: 75%)
1.13.82.101|4443 - Cobalt Strike botnet C2 server (confidence level: 75%)
79.134.225.17|3704 - STRRAT botnet C2 server (confidence level: 100%)
195.189.96.146|443 - Cobalt Strike botnet C2 server (confidence level: 100%)
37.0.14.205|3392 - STRRAT botnet C2 server (confidence level: 100%)
18.231.93.153|13305 - NjRAT botnet C2 server (confidence level: 100%)
54.94.248.37|13305 - NjRAT botnet C2 server (confidence level: 100%)
18.229.248.167|13305 - NjRAT botnet C2 server (confidence level: 100%)
18.229.146.63|13305 - NjRAT botnet C2 server (confidence level: 100%)
3.124.142.205|10776 - NjRAT botnet C2 server (confidence level: 100%)
3.125.209.94|10776 - NjRAT botnet C2 server (confidence level: 100%)
3.125.102.39|10776 - NjRAT botnet C2 server (confidence level: 100%)
18.158.249.75|10776 - NjRAT botnet C2 server (confidence level: 100%)
45.153.241.202|80 - Raccoon botnet C2 server (confidence level: 100%)
65.108.241.85|80 - Raccoon botnet C2 server (confidence level: 100%)
77.91.68.33|80 - Raccoon botnet C2 server (confidence level: 100%)
77.91.78.46|80 - Raccoon botnet C2 server (confidence level: 100%)
77.91.78.50|80 - Raccoon botnet C2 server (confidence level: 100%)
77.91.84.20|80 - Raccoon botnet C2 server (confidence level: 100%)
77.91.84.68|80 - Raccoon botnet C2 server (confidence level: 100%)
85.217.144.18|80 - Raccoon botnet C2 server (confidence level: 100%)
89.23.97.130|80 - Raccoon botnet C2 server (confidence level: 100%)
94.142.138.162|80 - Raccoon botnet C2 server (confidence level: 100%)
94.142.138.166|80 - Raccoon botnet C2 server (confidence level: 100%)
94.142.138.168|80 - Raccoon botnet C2 server (confidence level: 100%)
94.142.138.169|80 - Raccoon botnet C2 server (confidence level: 100%)
94.142.138.177|80 - Raccoon botnet C2 server (confidence level: 100%)
104.40.27.143|80 - Raccoon botnet C2 server (confidence level: 100%)
185.106.92.101|80 - Raccoon botnet C2 server (confidence level: 100%)
185.106.94.71|80 - Raccoon botnet C2 server (confidence level: 100%)
192.153.57.230|80 - Raccoon botnet C2 server (confidence level: 100%)
212.113.106.218|80 - Raccoon botnet C2 server (confidence level: 100%)
65.21.52.22|80 - Stealc botnet C2 server (confidence level: 100%)
94.142.138.171|80 - Stealc botnet C2 server (confidence level: 100%)
82.115.223.9|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
84.54.50.28|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
94.131.112.184|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.132|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.137|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.147|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.151|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.164|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
103.184.97.117|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
104.37.173.104|8081 - Aurora Stealer botnet C2 server (confidence level: 100%)
18.192.31.165|10776 - NjRAT botnet C2 server (confidence level: 100%)
135.181.24.195|28416 - RedLine Stealer botnet C2 server (confidence level: 100%)
85.217.144.59|45 - Mirai botnet C2 server (confidence level: 75%)
5.230.66.157|443 - IcedID botnet C2 server (confidence level: 75%)
45.11.180.82|80 - SharkBot botnet C2 server (confidence level: 75%)
5.230.73.157|443 - IcedID botnet C2 server (confidence level: 75%)
45.11.180.240|80 - SharkBot botnet C2 server (confidence level: 75%)
85.217.144.59|1024 - Mirai botnet C2 server (confidence level: 75%)
91.193.75.141|3236 - Ave Maria botnet C2 server (confidence level: 100%)
192.3.193.136|1344 - Nanocore RAT botnet C2 server (confidence level: 100%)
68.183.21.224|443 - Cobalt Strike botnet C2 server (confidence level: 100%)
91.241.93.150|80 - SharkBot botnet C2 server (confidence level: 75%)
103.213.111.207|6606 - AsyncRAT botnet C2 server (confidence level: 100%)
194.59.218.147|8808 - AsyncRAT botnet C2 server (confidence level: 100%)
51.68.180.4|4040 - AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4|5058 - AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4|6606 - AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4|7707 - AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4|80 - AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4|8808 - AsyncRAT botnet C2 server (confidence level: 75%)
82.115.223.9|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
103.184.97.117|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.164|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.151|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.147|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.137|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.132|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
94.131.112.184|80 - Aurora Stealer botnet C2 server (confidence level: 50%)
179.61.251.213|5683 - Mirai botnet C2 server (confidence level: 75%)
46.8.19.163|445 - ISFB payload delivery server (confidence level: 75%)
46.8.19.32|445 - ISFB payload delivery server (confidence level: 75%)
62.173.140.103|80 - ISFB botnet C2 server (confidence level: 75%)
31.41.44.63|80 - ISFB botnet C2 server (confidence level: 75%)
46.8.19.239|80 - ISFB botnet C2 server (confidence level: 75%)
185.77.96.40|80 - ISFB botnet C2 server (confidence level: 75%)
46.8.19.116|80 - ISFB botnet C2 server (confidence level: 75%)
31.41.44.48|80 - ISFB botnet C2 server (confidence level: 75%)
62.173.139.11|80 - ISFB botnet C2 server (confidence level: 75%)
62.173.138.251|80 - ISFB botnet C2 server (confidence level: 75%)
101.43.220.96|80 - Cobalt Strike botnet C2 server (confidence level: 100%)
101.43.215.118|9090 - Cobalt Strike botnet C2 server (confidence level: 75%)
118.195.172.110|8012 - Cobalt Strike botnet C2 server (confidence level: 75%)
179.43.187.185|8080 - Cobalt Strike botnet C2 server (confidence level: 75%)
84.32.34.97|80 - Cobalt Strike botnet C2 server (confidence level: 75%)
57.128.195.112|8443 - Cobalt Strike botnet C2 server (confidence level: 75%)
1.15.141.252|8080 - Cobalt Strike botnet C2 server (confidence level: 75%)
27.99.34.220|2222 - QakBot botnet C2 server (confidence level: 100%)
83.7.52.249|443 - QakBot botnet C2 server (confidence level: 100%)
160.176.143.232|443 - QakBot botnet C2 server (confidence level: 100%)
64.237.221.254|443 - QakBot botnet C2 server (confidence level: 100%)
180.158.186.175|995 - QakBot botnet C2 server (confidence level: 100%)
176.205.188.253|2222 - QakBot botnet C2 server (confidence level: 100%)
105.186.229.25|995 - QakBot botnet C2 server (confidence level: 100%)
102.46.73.102|995 - QakBot botnet C2 server (confidence level: 100%)
87.223.81.32|443 - QakBot botnet C2 server (confidence level: 100%)
116.74.164.150|443 - QakBot botnet C2 server (confidence level: 100%)
109.149.148.242|2222 - QakBot botnet C2 server (confidence level: 100%)
202.187.239.34|995 - QakBot botnet C2 server (confidence level: 100%)
217.165.230.100|2222 - QakBot botnet C2 server (confidence level: 100%)
86.98.212.69|443 - QakBot botnet C2 server (confidence level: 100%)
41.62.129.151|443 - QakBot botnet C2 server (confidence level: 100%)
37.186.55.152|2222 - QakBot botnet C2 server (confidence level: 100%)
171.97.42.222|443 - QakBot botnet C2 server (confidence level: 100%)
86.99.51.33|2222 - QakBot botnet C2 server (confidence level: 100%)
80.1.152.201|443 - QakBot botnet C2 server (confidence level: 100%)
31.167.215.175|995 - QakBot botnet C2 server (confidence level: 100%)
82.212.119.175|443 - QakBot botnet C2 server (confidence level: 100%)
85.139.118.210|443 - QakBot botnet C2 server (confidence level: 100%)
1.15.120.10|80 - Cobalt Strike botnet C2 server (confidence level: 100%)
176.10.111.192|80 - SharkBot botnet C2 server (confidence level: 75%)
176.10.111.199|80 - SharkBot botnet C2 server (confidence level: 75%)
185.219.220.78|80 - SharkBot botnet C2 server (confidence level: 75%)
185.219.220.136|80 - SharkBot botnet C2 server (confidence level: 75%)
104.168.151.120|443 - BumbleBee botnet C2 server (confidence level: 75%)
95.217.221.82|80 - Vidar botnet C2 server (confidence level: 100%)
116.202.8.130|80 - Vidar botnet C2 server (confidence level: 100%)
65.109.12.165|80 - Vidar botnet C2 server (confidence level: 100%)
147.185.221.229|56094 - Orcus RAT botnet C2 server (confidence level: 100%)
194.87.68.68|25 - Sliver botnet C2 server (confidence level: 50%)
194.87.68.68|80 - Sliver botnet C2 server (confidence level: 50%)
146.70.124.72|7443 - Unknown malware botnet C2 server (confidence level: 50%)
112.29.177.90|10036 - Deimos botnet C2 server (confidence level: 50%)
112.29.177.91|10036 - Deimos botnet C2 server (confidence level: 50%)
112.29.177.98|10036 - Deimos botnet C2 server (confidence level: 50%)
115.178.77.145|8800 - Deimos botnet C2 server (confidence level: 50%)
150.230.194.159|9444 - Deimos botnet C2 server (confidence level: 50%)
23.254.225.130|443 - BumbleBee botnet C2 server (confidence level: 100%)
51.83.248.92|443 - BumbleBee botnet C2 server (confidence level: 100%)
54.227.224.229|443 - BianLian botnet C2 server (confidence level: 50%)
54.227.224.229|8000 - BianLian botnet C2 server (confidence level: 50%)
95.213.145.101|8080 - BianLian botnet C2 server (confidence level: 50%)
216.238.83.131|443 - BianLian botnet C2 server (confidence level: 50%)
23.94.57.167|2023 - Kaiji botnet C2 server (confidence level: 75%)
94.131.105.174|443 - Cobalt Strike botnet C2 server (confidence level: 100%)
154.26.192.11|4433 - Cobalt Strike botnet C2 server (confidence level: 100%)
45.91.81.42|8443 - Cobalt Strike botnet C2 server (confidence level: 100%)
79.137.198.115|80 - Cobalt Strike botnet C2 server (confidence level: 100%)
5.255.102.167|443 - IcedID botnet C2 server (confidence level: 75%)
20.189.26.53|80 - Cobalt Strike botnet C2 server (confidence level: 100%)
185.112.151.108|443 - Cobalt Strike botnet C2 server (confidence level: 100%)
163.123.142.213|443 - Cobalt Strike botnet C2 server (confidence level: 100%)

Domain

Value - Description
orduhanpi.ru - Unknown malware botnet C2 domain (confidence level: 100%)
ogtaypi.ru - Unknown malware botnet C2 domain (confidence level: 100%)
myuridgo.ru - Unknown malware botnet C2 domain (confidence level: 100%)
muhtargo.ru - Unknown malware botnet C2 domain (confidence level: 100%)
muhsingo.ru - Unknown malware botnet C2 domain (confidence level: 100%)
osmanpo.ru - Unknown malware botnet C2 domain (confidence level: 100%)
payampo.ru - Unknown malware botnet C2 domain (confidence level: 100%)
download-discord.top - Stealc payload delivery domain (confidence level: 100%)
service-ftyn94bx-1308675124.cd.apigw.tencentcs.com - Cobalt Strike botnet C2 domain (confidence level: 100%)
api.360com.live - Cobalt Strike botnet C2 domain (confidence level: 100%)
rlfslie.cloud - Cobalt Strike botnet C2 domain (confidence level: 100%)
it2it.tk - Cobalt Strike botnet C2 domain (confidence level: 100%)
progetecloud.online - Cobalt Strike botnet C2 domain (confidence level: 100%)

Hash (MD5)

Value - Description
c9e84fae8578d34ab6b65d5c44e54fb2 - Unknown malware payload (confidence level: 100%)
caedf21246e5920e1015959f9fc9029f - Unknown malware payload (confidence level: 100%)
32031a03a5302c16d28028dbe3cc911e - Unknown malware payload (confidence level: 100%)
ee71e50f5c24475a08456cc6486e12da - Unknown malware payload (confidence level: 100%)
9f4186242fd9479571daf9ea59a81342 - Unknown malware payload (confidence level: 100%)
8635a69131f07f61225891a7d5ec8ace - Unknown malware payload (confidence level: 100%)

Threat ID: 6828eab9e1a0c275ea6e2e23

Added to database: 5/17/2025, 7:59:53 PM

Last enriched: 7/3/2025, 6:55:42 AM

Last updated: 8/17/2025, 3:15:09 PM
