
ThreatFox IOCs for 2023-03-06

Severity: Medium
Published: Mon Mar 06 2023 (03/06/2023, 00:00:00 UTC)
Source: ThreatFox (abuse.ch)
Tags: type:osint, tlp:white

Description

ThreatFox IOCs for 2023-03-06

AI-Powered Analysis

Last updated: 06/18/2025, 09:21:41 UTC

Technical Analysis

This entry is the ThreatFox daily indicator export for 2023-03-06. ThreatFox (abuse.ch) aggregates community-submitted indicators of compromise for malware, and the export is published as a MISP event under tlp:white (shareable without restriction) and tagged type:osint. The metadata fields on this page (threat level 2, analysis 1, distribution 3) are MISP event attributes, meaning Medium, Ongoing and All communities respectively; they describe the feed, not the severity of any one indicator. This is not a vulnerability record: no CWE, affected product or patch applies. What it carries is several hundred indicators, each with a malware family and a submitter confidence of 50, 75 or 100 percent, in four indicator types.

URLs: C2 check-in and payload URLs for LaplasClipper (/bot/regex?key=...), Loki Password Stealer, Aurora Stealer (/auth on ten hosts), DCRat, Stealc, Houdini (/is-ready), CryptBot (/gate.php), Amadey (/index.php), RecordBreaker and Vidar, plus a large number of Cobalt Strike team servers. Ten QakBot payload-delivery URLs (file.dll and .php droppers, all on DigitalOcean addresses) are listed as well. Many of the Cobalt Strike URLs use paths from the default Malleable C2 profile (/pixel.gif, /dot.gif, /__utm.gif, /cm, /cx, /load, /dpixel, /g.pixel, /visit.js, /ga.js, /updates.rss, /ie9compatviewlist.xml, /fwlink, /push, /match), which is what allows them to be fingerprinted at 100% confidence; others imitate the public jQuery and Windows Update profiles (/jquery-3.3.2.….min.js, /c/msdownload/update/others/...). The Vidar entries include a Telegram channel (t.me/nemesisgrow) and a Steam community profile: Vidar uses such profiles as dead-drop resolvers that hold the address of the real C2, so these must be matched on the full URL and never on the domain.

ip:port: C2 sockets for RedLine, STRRAT, NjRAT, Raccoon, Stealc, Aurora, Mirai, IcedID, SharkBot, Ave Maria, Nanocore, AsyncRAT, ISFB, Cobalt Strike, QakBot (ports 443, 995 and 2222), BumbleBee, Vidar, Orcus RAT, Sliver, Deimos (DeimosC2), BianLian, Kaiji and a few unattributed servers. ThreatFox publishes address and port together as one indicator, and the same address legitimately appears with several ports (51.68.180.4 with six AsyncRAT ports, 85.217.144.59 with two Mirai ports, 194.87.68.68 with two Sliver ports), so the two fields must stay paired when the feed is ingested.

MD5 hashes: six unattributed payload samples.

Domains: seven .ru domains attributed to an unknown family, a Stealc payload-delivery domain (download-discord.top) and five Cobalt Strike domains, two of which are Tencent Cloud API Gateway hostnames (*.apigw.tencentcs.com), i.e. shared cloud infrastructure where only the specific service hostname is malicious.
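As an added example (not ThreatFox's or this page's own code), the following Python script shows how indicators of these four types are matched against network telemetry once the ip:port pairs are re-joined: a URL indicator hits only on host, port and full path; a domain indicator on the host or any subdomain of it; an ip:port indicator on the exact pair, with a downgraded "weak" hit when only the address matches; and an MD5 indicator on the file hash. The key=value log format, the 10.0.0.0/8 clients and the 203.0.113.0/24 addresses standing in for shared platforms are constructed for the demo; the indicators are a subset copied from the tables on this page.

```python
"""Match ThreatFox indicators from this page against proxy/flow log lines.

Added example, not ThreatFox tooling. The log format is constructed: one
key=value record per line, roughly the fields a proxy or Zeek http.log/conn.log
would give you (host/uri are only present when the proxy saw the request).
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from this page (family text and confidence as listed).
# ThreatFox publishes "ip:port" as ONE indicator; the page's extraction shows
# the address and the port in separate tables, so they are re-joined here.
IOCS = [
    ("url", "http://84.54.50.28/auth", "Aurora Stealer botnet C2", 100),
    ("url", "https://t.me/nemesisgrow", "Vidar botnet C2", 100),
    ("url", "http://146.190.116.245/twr1tzi/03/file.dll", "QakBot payload delivery URL", 100),
    ("ip:port", "45.8.146.108:19179", "RedLine Stealer botnet C2 server", 100),
    ("ip:port", "51.68.180.4:4040", "AsyncRAT botnet C2 server", 75),
    ("ip:port", "51.68.180.4:5058", "AsyncRAT botnet C2 server", 75),
    ("domain", "download-discord.top", "Stealc payload delivery domain", 100),
    ("md5_hash", "c9e84fae8578d34ab6b65d5c44e54fb2", "Unknown malware payload", 100),
]

# Constructed sample log lines. 203.0.113.0/24 stands in for the shared
# Telegram / CDN addresses a real log would show for t.me and similar hosts.
SAMPLE_LOG = """\
ts=1678147383 src=10.0.0.5 dst=84.54.50.28 dport=80 host=84.54.50.28 uri=/auth
ts=1678147390 src=10.0.0.7 dst=51.68.180.4 dport=4040
ts=1678147391 src=10.0.0.7 dst=51.68.180.4 dport=443
ts=1678147395 src=10.0.0.9 dst=203.0.113.10 dport=443 host=t.me uri=/someteam
ts=1678147396 src=10.0.0.9 dst=203.0.113.10 dport=443 host=t.me uri=/nemesisgrow
ts=1678147400 src=10.0.0.11 dst=203.0.113.20 dport=80 host=cdn.download-discord.top uri=/setup.exe md5=C9E84FAE8578D34AB6B65D5C44E54FB2
ts=1678147405 src=10.0.0.12 dst=146.190.116.245 dport=80 host=146.190.116.245 uri=/twr1tzi/03/file.dll
"""


@dataclass(frozen=True)
class Hit:
    indicator: str
    family: str
    confidence: int
    strength: str  # "exact": whole indicator matched; "weak": address only, port differs
    line: str


def _norm_url(url: str):
    """(host, port, path+query) with the default port filled in and the scheme dropped."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    path = (u.path or "/") + (f"?{u.query}" if u.query else "")
    return u.hostname.lower(), port, path


def build_index(rows):
    idx = {"url": {}, "ipport": {}, "ip": {}, "domain": {}, "md5": {}}
    for kind, value, family, conf in rows:
        meta = (value, family, conf)
        if kind == "url":
            idx["url"][_norm_url(value)] = meta
        elif kind == "ip:port":
            ip, port = value.rsplit(":", 1)
            idx["ipport"][(ip, int(port))] = meta
            idx["ip"].setdefault(ip, meta)       # first family seen for the bare address
        elif kind == "domain":
            idx["domain"][value.lower()] = meta
        elif kind == "md5_hash":
            idx["md5"][value.lower()] = meta
    return idx


def _parse(line: str) -> dict:
    return dict(tok.split("=", 1) for tok in line.split())


def match_line(idx, line: str) -> list:
    rec = _parse(line)
    dst, dport = rec.get("dst"), int(rec.get("dport", 0))
    host = rec.get("host", dst).lower()
    hits = []

    # URL indicators match only on host + port + full path: t.me and Steam
    # profile URLs (Vidar dead drops) would be pure noise on the host alone.
    if "uri" in rec and (host, dport, rec["uri"]) in idx["url"]:
        v, fam, c = idx["url"][(host, dport, rec["uri"])]
        hits.append(Hit(v, fam, c, "exact", line))

    # Domain indicators match the host itself or any subdomain (never the bare TLD).
    labels = host.split(".")
    for i in range(len(labels) - 1):
        cand = ".".join(labels[i:])
        if cand in idx["domain"]:
            v, fam, c = idx["domain"][cand]
            hits.append(Hit(v, fam, c, "exact", line))
            break

    # ip:port is one indicator: the exact pair is an alert; the same address on
    # an unlisted port is only a lead, so it is reported as weak at <= 50%.
    if (dst, dport) in idx["ipport"]:
        v, fam, c = idx["ipport"][(dst, dport)]
        hits.append(Hit(v, fam, c, "exact", line))
    elif dst in idx["ip"]:
        _, fam, c = idx["ip"][dst]
        hits.append(Hit(dst, fam, min(c, 50), "weak", line))

    if rec.get("md5", "").lower() in idx["md5"]:
        v, fam, c = idx["md5"][rec["md5"].lower()]
        hits.append(Hit(v, fam, c, "exact", line))
    return hits


def scan(log_text: str, rows=IOCS) -> list:
    idx = build_index(rows)
    return [h for line in log_text.splitlines() if line.strip() for h in match_line(idx, line)]


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"[{h.strength:5}] {h.confidence:3}% {h.family}: {h.indicator}  <- {h.line}")
```

On the sample log the t.me request for /someteam produces nothing while /nemesisgrow is an exact Vidar hit, the AsyncRAT address on port 443 is reported as weak rather than as an alert, and the download-discord.top fetch yields two hits (domain and hash) from one line.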

Potential Impact

The severity shown for this entry is Medium, which fits a daily OSINT export rather than a single campaign; the families represented nevertheless cover the whole intrusion chain. Infostealers and clippers (RedLine, Raccoon, RecordBreaker, Vidar, Aurora, Stealc, CryptBot, Loki PWS, LaplasClipper) harvest browser credentials, session cookies and wallet data, and a LaplasClipper infection silently rewrites cryptocurrency addresses in the clipboard. Loaders and banking trojans (QakBot, IcedID, ISFB, BumbleBee) are established initial-access vectors for ransomware operators, and the QakBot payload-delivery URLs on this list show that the delivery side of such campaigns was active on the day. Commodity RATs (NjRAT, AsyncRAT, Nanocore, Orcus, Ave Maria, STRRAT, DCRat, Houdini) give hands-on-keyboard access, while the Cobalt Strike, Sliver and Deimos servers are post-exploitation infrastructure used by both red teams and intrusion operators. SharkBot targets Android banking users, and Mirai and Kaiji recruit exposed Linux and IoT devices. For a European organization the practical risk is therefore credential and session theft leading to account takeover, and loader infections that precede ransomware; the breadth of the list makes incidental exposure likely in any large estate. Because these are network indicators rather than a vulnerability, there is nothing to patch: detection depends on whether proxy, DNS and flow telemetry is retained and searchable, and on the indicators being ingested in their native form (full URLs and ip:port pairs, not bare addresses).

Mitigation Recommendations

1. Ingest the indicators in their native form: URLs with host, port and path; ip:port as the pair; domains and MD5 hashes as listed. The address and port columns of this export belong to one ip:port indicator, and one address can appear with several ports (51.68.180.4, 85.217.144.59, 194.87.68.68); a bare-address block list loses that context and, for the Cobalt Strike and RAT entries on cloud ranges, will outlive the tenant that hosted the C2.
2. Match URL indicators on the full path. t.me, steamcommunity.com and the apigw.tencentcs.com gateway hosts are shared platforms; only the listed channel, profile or service hostname is malicious, so blocking or alerting on the parent domain produces noise and breaks legitimate traffic.
3. Treat the confidence level as a policy input: block egress to the 100% entries at the proxy or firewall, alert on the 75% entries, and use the 50% entries (Aurora on port 80, Sliver, Deimos, BianLian, the unattributed server) as hunting leads only.
4. Run a retrospective search over proxy, DNS, NetFlow and EDR network telemetry around 2023-03-06. Infrastructure of this kind is rotated within days, so most of the value of a dated export lies in finding hosts that already talked to it, not in future blocks.
5. Prioritize the loader indicators (the QakBot payload-delivery URLs, QakBot C2 on 443/995/2222, IcedID, ISFB, BumbleBee): a hit there is an initial-access event that precedes ransomware and belongs with incident response, not closed as a blocked connection.
6. Feed the six MD5 hashes to EDR and mail-gateway hash lookups, bearing in mind that a hash match identifies one sample and the families behind these six are unattributed here.
7. Keep patching and hardening current, and keep user awareness focused on the document, archive and shortcut lures these loaders use for phishing delivery; the Mirai and Kaiji entries are a reminder to remove exposed Telnet/SSH services with default credentials.
8. Before any long-term block, re-check the indicator status on ThreatFox; many will have been retired, and the cloud-hosted addresses (AWS and Azure ranges in the NjRAT and Cobalt Strike entries, DigitalOcean for the QakBot droppers) are reassigned to other tenants. Share confirmed hits with your national CSIRT and sector information-sharing group so that related infrastructure can be correlated.
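Added example, not ThreatFox tooling, for recommendations 1 to 3: a small Python converter that turns rows from this page into Suricata rules (one per ip:port pair, so the port stays in the signature) and a Zeek Intelligence Framework file for URL, domain and hash indicators, dropping rows below a confidence threshold. SID_BASE, the rule options and the threshold are assumptions to adjust for your deployment. Zeek's Intel::URL is compared against the host plus path of requests it can see, so the steamcommunity.com Vidar URL will only ever match in http.log behind a TLS-inspecting proxy; by SNI alone that host is indistinguishable from normal Steam traffic.

```python
"""Turn this page's indicator rows into Suricata rules and a Zeek Intel file.

Added example, not ThreatFox tooling. SID_BASE is an assumed local SID range.
"""
SID_BASE = 9_000_000  # assumption: choose a range that does not collide with your other rulesets

# Rows copied from this page's tables (ip:port re-joined from the split columns).
ROWS = [
    ("ip:port", "45.8.146.108:19179", "RedLine Stealer botnet C2 server", 100),
    ("ip:port", "1.13.82.101:4443", "Cobalt Strike botnet C2 server", 75),
    ("ip:port", "194.87.68.68:25", "Sliver botnet C2 server", 50),
    ("url", "http://45.90.222.125:7121/is-ready", "Houdini botnet C2", 100),
    ("url", "https://steamcommunity.com/profiles/76561199471222742", "Vidar botnet C2", 100),
    ("domain", "download-discord.top", "Stealc payload delivery domain", 100),
    ("md5_hash", "c9e84fae8578d34ab6b65d5c44e54fb2", "Unknown malware payload", 100),
]

ZEEK_TYPE = {"url": "Intel::URL", "domain": "Intel::DOMAIN", "md5_hash": "Intel::FILE_HASH"}
ZEEK_HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.do_notice"


def suricata_rule(sid: int, ip: str, port: int, family: str, conf: int) -> str:
    """One rule per ip:port pair; the port is part of the indicator, so it is in the rule."""
    msg = f"ThreatFox {family} ({conf}%)".replace('"', "").replace(";", "")
    return (f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f'flow:to_server,established; classtype:trojan-activity; '
            f'threshold:type limit, track by_src, count 1, seconds 600; '
            f'sid:{sid}; rev:1;)')


def zeek_intel_line(kind: str, value: str, family: str, conf: int) -> str:
    """Zeek matches Intel::URL without the scheme; do_notice=T raises a Notice on a hit."""
    if kind == "url":
        value = value.split("://", 1)[1]
    return "\t".join([value, ZEEK_TYPE[kind], "ThreatFox", f"{family} ({conf}%)", "T"])


def render(rows, min_conf: int = 75):
    """Return (suricata_rules, zeek_lines). Rows below min_conf are dropped:
    the 50% entries on this page are leads for hunting, not blocking."""
    rules, intel = [], [ZEEK_HEADER]
    sid = SID_BASE
    for kind, value, family, conf in rows:
        if conf < min_conf:
            continue
        if kind == "ip:port":
            ip, port = value.rsplit(":", 1)
            rules.append(suricata_rule(sid, ip, int(port), family, conf))
            sid += 1
        elif kind in ZEEK_TYPE:
            intel.append(zeek_intel_line(kind, value, family, conf))
    return rules, intel


if __name__ == "__main__":
    rules, intel = render(ROWS)
    print("\n".join(rules))
    print()
    print("\n".join(intel))
```

With the default threshold the 50% Sliver row is skipped, two Suricata rules and four Zeek intel lines are produced; raise min_conf to 100 for a block list and lower it to 50 for a hunting file.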


Technical Details

Threat Level: 2 (MISP: Medium)
Analysis: 1 (MISP: Ongoing)
Distribution: 3 (MISP: All communities)
UUID: ffb26c5c-b2fb-4f65-bdd0-86717bac2102
Original Timestamp: 1678147383 (2023-03-07 00:03:03 UTC)

Indicators of Compromise

URL

Value | Description
http://104.193.254.45/bot/regex?key=3682a4b856cc8db9e7c6f4deda4a6fdc2a8f662f4cc34c6d4365d36e3ed0ab52 | LaplasClipper botnet C2 (confidence level: 100%)
http://45.159.189.105/bot/regex?key=3682a4b856cc8db9e7c6f4deda4a6fdc2a8f662f4cc34c6d4365d36e3ed0ab52 | LaplasClipper botnet C2 (confidence level: 100%)
http://68.183.13.128/?page_id=1860 | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://68.183.13.128/?page_id=4136377 | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
https://195.189.96.146/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://84.54.50.28/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://94.131.112.184/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.132/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.137/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.147/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.151/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://94.142.138.164/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://103.184.97.117/auth | Aurora Stealer botnet C2 (confidence level: 100%)
http://46.151.30.40/dbserver/8packet/cdncdn4datalife/securetodle/flowerlinuxmariadb/uploads/bigload7image/temporarycdn/basegamepipe/game0/testprotonrequestsql/db0mariadb9/7linevideo/vmserverpublic/multilongpolllow/cdndatalifeprovider/dumptestbetter/updateprotect.php | DCRat botnet C2 (confidence level: 100%)
http://45.128.234.216/externalto.php | DCRat botnet C2 (confidence level: 100%)
http://85.31.45.100/329b7da7ac4c3538.php | Stealc botnet C2 (confidence level: 100%)
http://45.90.222.125:7121/is-ready | Houdini botnet C2 (confidence level: 100%)
http://45.91.81.42:8081/cm | Cobalt Strike botnet C2 (confidence level: 100%)
https://service-dydpc1xk-1304560974.gz.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%)
http://45.91.81.42:8082/load | Cobalt Strike botnet C2 (confidence level: 100%)
http://lahsfr12.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
https://208.67.105.87:13443/push | Cobalt Strike botnet C2 (confidence level: 100%)
http://23.106.215.95/g9qpzle/index.php | Amadey botnet C2 (confidence level: 100%)
https://service-ftyn94bx-1308675124.cd.apigw.tencentcs.com/jquery/2.0.1/jquery.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://143.42.120.56:8082/discussion/mayo-clinic-radio-als/ | Cobalt Strike botnet C2 (confidence level: 100%)
https://172.96.237.159:8443/visit.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://176.113.115.44/visit.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://143.42.120.56:47666/category/research-2/ | Cobalt Strike botnet C2 (confidence level: 100%)
https://108.165.178.42/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://dyshangcheng.info:8888/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://101.43.220.96/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://88.214.27.53:50005/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://207.148.93.50:8090/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://88.214.27.53:50001/cm | Cobalt Strike botnet C2 (confidence level: 100%)
http://108.165.178.42/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
https://api.360com.live/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://81.68.136.116/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://146.190.116.245/twr1tzi/03/file.dll | QakBot payload delivery URL (confidence level: 100%)
http://134.209.216.163/qi46n1n/03/file.dll | QakBot payload delivery URL (confidence level: 100%)
http://162.243.186.39/snujx/03/file.dll | QakBot payload delivery URL (confidence level: 100%)
http://142.93.250.152/umua6sh/03/file.dll | QakBot payload delivery URL (confidence level: 100%)
http://161.35.58.146/fiu1z/03/file.dll | QakBot payload delivery URL (confidence level: 100%)
http://51.195.166.206/ | RecordBreaker botnet C2 (confidence level: 100%)
http://143.42.120.56:48888/category/research-2/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://88.214.27.53:50006/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://1.15.120.10/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
http://157.230.128.40/utsm.php | QakBot payload delivery URL (confidence level: 100%)
http://164.92.104.231/tarl.php | QakBot payload delivery URL (confidence level: 100%)
http://143.198.98.187/gie.php | QakBot payload delivery URL (confidence level: 100%)
http://137.184.8.182/la.php | QakBot payload delivery URL (confidence level: 100%)
http://138.197.208.176/se.php | QakBot payload delivery URL (confidence level: 100%)
http://95.217.221.82/ | Vidar botnet C2 (confidence level: 100%)
http://95.217.221.82/photos.zip | Vidar botnet C2 (confidence level: 100%)
https://t.me/nemesisgrow | Vidar botnet C2 (confidence level: 100%)
https://steamcommunity.com/profiles/76561199471222742 | Vidar botnet C2 (confidence level: 100%)
http://116.202.8.130/ | Vidar botnet C2 (confidence level: 100%)
http://116.202.8.130/photos.zip | Vidar botnet C2 (confidence level: 100%)
http://65.109.12.165/ | Vidar botnet C2 (confidence level: 100%)
http://65.109.12.165/photos.zip | Vidar botnet C2 (confidence level: 100%)
http://77.91.78.50/ | RecordBreaker botnet C2 (confidence level: 100%)
http://155.94.135.33:8888/load | Cobalt Strike botnet C2 (confidence level: 100%)
https://94.131.105.174/push | Cobalt Strike botnet C2 (confidence level: 100%)
https://198.23.223.145:4433/match | Cobalt Strike botnet C2 (confidence level: 100%)
https://rlfslie.cloud:4433/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://it2it.tk:8443/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://20.222.7.224:1433/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
http://20.214.176.53:4445/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://94.142.138.160/ | RecordBreaker botnet C2 (confidence level: 100%)
http://120.79.64.164:9999/audiencemanager.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.103.64.64:1111/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
http://123.249.101.92/cm | Cobalt Strike botnet C2 (confidence level: 100%)
http://139.196.47.225:8045/dpixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://218.28.63.34:8037/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://101.42.38.79:8888/visit.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://120.79.70.83/dpixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://progetecloud.online/c/msdownload/update/others/2020/10/29136388_ | Cobalt Strike botnet C2 (confidence level: 100%)
https://163.123.142.213/c/msdownload/update/others/2020/10/29136388_ | Cobalt Strike botnet C2 (confidence level: 100%)
http://118.195.172.110:8012/owa/ | Cobalt Strike botnet C2 (confidence level: 100%)
https://1.13.82.101:4443/jquery-3.3.2.n2cq4mxdz4nio9xihttp.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://101.43.215.118:9090/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)

IP:port

ThreatFox publishes these as single ip:port indicators; the address and its port are one entry and are listed together here.

Value | Description
45.8.146.108:19179 | RedLine Stealer botnet C2 server (confidence level: 100%)
8.142.124.166:8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
152.89.196.12:82 | Cobalt Strike botnet C2 server (confidence level: 75%)
1.13.82.101:4443 | Cobalt Strike botnet C2 server (confidence level: 75%)
79.134.225.17:3704 | STRRAT botnet C2 server (confidence level: 100%)
195.189.96.146:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
37.0.14.205:3392 | STRRAT botnet C2 server (confidence level: 100%)
18.231.93.153:13305 | NjRAT botnet C2 server (confidence level: 100%)
54.94.248.37:13305 | NjRAT botnet C2 server (confidence level: 100%)
18.229.248.167:13305 | NjRAT botnet C2 server (confidence level: 100%)
18.229.146.63:13305 | NjRAT botnet C2 server (confidence level: 100%)
3.124.142.205:10776 | NjRAT botnet C2 server (confidence level: 100%)
3.125.209.94:10776 | NjRAT botnet C2 server (confidence level: 100%)
3.125.102.39:10776 | NjRAT botnet C2 server (confidence level: 100%)
18.158.249.75:10776 | NjRAT botnet C2 server (confidence level: 100%)
45.153.241.202:80 | Raccoon botnet C2 server (confidence level: 100%)
65.108.241.85:80 | Raccoon botnet C2 server (confidence level: 100%)
77.91.68.33:80 | Raccoon botnet C2 server (confidence level: 100%)
77.91.78.46:80 | Raccoon botnet C2 server (confidence level: 100%)
77.91.78.50:80 | Raccoon botnet C2 server (confidence level: 100%)
77.91.84.20:80 | Raccoon botnet C2 server (confidence level: 100%)
77.91.84.68:80 | Raccoon botnet C2 server (confidence level: 100%)
85.217.144.18:80 | Raccoon botnet C2 server (confidence level: 100%)
89.23.97.130:80 | Raccoon botnet C2 server (confidence level: 100%)
94.142.138.162:80 | Raccoon botnet C2 server (confidence level: 100%)
94.142.138.166:80 | Raccoon botnet C2 server (confidence level: 100%)
94.142.138.168:80 | Raccoon botnet C2 server (confidence level: 100%)
94.142.138.169:80 | Raccoon botnet C2 server (confidence level: 100%)
94.142.138.177:80 | Raccoon botnet C2 server (confidence level: 100%)
104.40.27.143:80 | Raccoon botnet C2 server (confidence level: 100%)
185.106.92.101:80 | Raccoon botnet C2 server (confidence level: 100%)
185.106.94.71:80 | Raccoon botnet C2 server (confidence level: 100%)
192.153.57.230:80 | Raccoon botnet C2 server (confidence level: 100%)
212.113.106.218:80 | Raccoon botnet C2 server (confidence level: 100%)
65.21.52.22:80 | Stealc botnet C2 server (confidence level: 100%)
94.142.138.171:80 | Stealc botnet C2 server (confidence level: 100%)
82.115.223.9:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
84.54.50.28:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
94.131.112.184:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.132:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.137:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.147:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.151:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
94.142.138.164:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
103.184.97.117:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
104.37.173.104:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
18.192.31.165:10776 | NjRAT botnet C2 server (confidence level: 100%)
135.181.24.195:28416 | RedLine Stealer botnet C2 server (confidence level: 100%)
85.217.144.59:45 | Mirai botnet C2 server (confidence level: 75%)
5.230.66.157:443 | IcedID botnet C2 server (confidence level: 75%)
45.11.180.82:80 | SharkBot botnet C2 server (confidence level: 75%)
5.230.73.157:443 | IcedID botnet C2 server (confidence level: 75%)
45.11.180.240:80 | SharkBot botnet C2 server (confidence level: 75%)
85.217.144.59:1024 | Mirai botnet C2 server (confidence level: 75%)
91.193.75.141:3236 | Ave Maria botnet C2 server (confidence level: 100%)
192.3.193.136:1344 | Nanocore RAT botnet C2 server (confidence level: 100%)
68.183.21.224:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.241.93.150:80 | SharkBot botnet C2 server (confidence level: 75%)
103.213.111.207:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
194.59.218.147:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
51.68.180.4:4040 | AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4:5058 | AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4:6606 | AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4:7707 | AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4:80 | AsyncRAT botnet C2 server (confidence level: 75%)
51.68.180.4:8808 | AsyncRAT botnet C2 server (confidence level: 75%)
82.115.223.9:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
103.184.97.117:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.164:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.151:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.147:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.137:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
94.142.138.132:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
94.131.112.184:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
179.61.251.213:5683 | Mirai botnet C2 server (confidence level: 75%)
46.8.19.163:445 | ISFB payload delivery server (confidence level: 75%)
46.8.19.32:445 | ISFB payload delivery server (confidence level: 75%)
62.173.140.103:80 | ISFB botnet C2 server (confidence level: 75%)
31.41.44.63:80 | ISFB botnet C2 server (confidence level: 75%)
46.8.19.239:80 | ISFB botnet C2 server (confidence level: 75%)
185.77.96.40:80 | ISFB botnet C2 server (confidence level: 75%)
46.8.19.116:80 | ISFB botnet C2 server (confidence level: 75%)
31.41.44.48:80 | ISFB botnet C2 server (confidence level: 75%)
62.173.139.11:80 | ISFB botnet C2 server (confidence level: 75%)
62.173.138.251:80 | ISFB botnet C2 server (confidence level: 75%)
101.43.220.96:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.43.215.118:9090 | Cobalt Strike botnet C2 server (confidence level: 75%)
118.195.172.110:8012 | Cobalt Strike botnet C2 server (confidence level: 75%)
179.43.187.185:8080 | Cobalt Strike botnet C2 server (confidence level: 75%)
84.32.34.97:80 | Cobalt Strike botnet C2 server (confidence level: 75%)
57.128.195.112:8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
1.15.141.252:8080 | Cobalt Strike botnet C2 server (confidence level: 75%)
27.99.34.220:2222 | QakBot botnet C2 server (confidence level: 100%)
83.7.52.249:443 | QakBot botnet C2 server (confidence level: 100%)
160.176.143.232:443 | QakBot botnet C2 server (confidence level: 100%)
64.237.221.254:443 | QakBot botnet C2 server (confidence level: 100%)
180.158.186.175:995 | QakBot botnet C2 server (confidence level: 100%)
176.205.188.253:2222 | QakBot botnet C2 server (confidence level: 100%)
105.186.229.25:995 | QakBot botnet C2 server (confidence level: 100%)
102.46.73.102:995 | QakBot botnet C2 server (confidence level: 100%)
87.223.81.32:443 | QakBot botnet C2 server (confidence level: 100%)
116.74.164.150:443 | QakBot botnet C2 server (confidence level: 100%)
109.149.148.242:2222 | QakBot botnet C2 server (confidence level: 100%)
202.187.239.34:995 | QakBot botnet C2 server (confidence level: 100%)
217.165.230.100:2222 | QakBot botnet C2 server (confidence level: 100%)
86.98.212.69:443 | QakBot botnet C2 server (confidence level: 100%)
41.62.129.151:443 | QakBot botnet C2 server (confidence level: 100%)
37.186.55.152:2222 | QakBot botnet C2 server (confidence level: 100%)
171.97.42.222:443 | QakBot botnet C2 server (confidence level: 100%)
86.99.51.33:2222 | QakBot botnet C2 server (confidence level: 100%)
80.1.152.201:443 | QakBot botnet C2 server (confidence level: 100%)
31.167.215.175:995 | QakBot botnet C2 server (confidence level: 100%)
82.212.119.175:443 | QakBot botnet C2 server (confidence level: 100%)
85.139.118.210:443 | QakBot botnet C2 server (confidence level: 100%)
1.15.120.10:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
176.10.111.192:80 | SharkBot botnet C2 server (confidence level: 75%)
176.10.111.199:80 | SharkBot botnet C2 server (confidence level: 75%)
185.219.220.78:80 | SharkBot botnet C2 server (confidence level: 75%)
185.219.220.136:80 | SharkBot botnet C2 server (confidence level: 75%)
104.168.151.120:443 | BumbleBee botnet C2 server (confidence level: 75%)
95.217.221.82:80 | Vidar botnet C2 server (confidence level: 100%)
116.202.8.130:80 | Vidar botnet C2 server (confidence level: 100%)
65.109.12.165:80 | Vidar botnet C2 server (confidence level: 100%)
147.185.221.229:56094 | Orcus RAT botnet C2 server (confidence level: 100%)
194.87.68.68:25 | Sliver botnet C2 server (confidence level: 50%)
194.87.68.68:80 | Sliver botnet C2 server (confidence level: 50%)
146.70.124.72:7443 | Unknown malware botnet C2 server (confidence level: 50%)
112.29.177.90:10036 | Deimos botnet C2 server (confidence level: 50%)
112.29.177.91:10036 | Deimos botnet C2 server (confidence level: 50%)
112.29.177.98:10036 | Deimos botnet C2 server (confidence level: 50%)
115.178.77.145:8800 | Deimos botnet C2 server (confidence level: 50%)
150.230.194.159:9444 | Deimos botnet C2 server (confidence level: 50%)
23.254.225.130:443 | BumbleBee botnet C2 server (confidence level: 100%)
51.83.248.92:443 | BumbleBee botnet C2 server (confidence level: 100%)
54.227.224.229:443 | BianLian botnet C2 server (confidence level: 50%)
54.227.224.229:8000 | BianLian botnet C2 server (confidence level: 50%)
95.213.145.101:8080 | BianLian botnet C2 server (confidence level: 50%)
216.238.83.131:443 | BianLian botnet C2 server (confidence level: 50%)
23.94.57.167:2023 | Kaiji botnet C2 server (confidence level: 75%)
94.131.105.174:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.26.192.11:4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.91.81.42:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
79.137.198.115:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
5.255.102.167:443 | IcedID botnet C2 server (confidence level: 75%)
20.189.26.53:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.112.151.108:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
163.123.142.213:443 | Cobalt Strike botnet C2 server (confidence level: 100%)

Hash (MD5)

Value | Description
c9e84fae8578d34ab6b65d5c44e54fb2 | Unknown malware payload (confidence level: 100%)
caedf21246e5920e1015959f9fc9029f | Unknown malware payload (confidence level: 100%)
32031a03a5302c16d28028dbe3cc911e | Unknown malware payload (confidence level: 100%)
ee71e50f5c24475a08456cc6486e12da | Unknown malware payload (confidence level: 100%)
9f4186242fd9479571daf9ea59a81342 | Unknown malware payload (confidence level: 100%)
8635a69131f07f61225891a7d5ec8ace | Unknown malware payload (confidence level: 100%)

Domain

Value | Description
orduhanpi.ru | Unknown malware botnet C2 domain (confidence level: 100%)
ogtaypi.ru | Unknown malware botnet C2 domain (confidence level: 100%)
myuridgo.ru | Unknown malware botnet C2 domain (confidence level: 100%)
muhtargo.ru | Unknown malware botnet C2 domain (confidence level: 100%)
muhsingo.ru | Unknown malware botnet C2 domain (confidence level: 100%)
osmanpo.ru | Unknown malware botnet C2 domain (confidence level: 100%)
payampo.ru | Unknown malware botnet C2 domain (confidence level: 100%)
download-discord.top | Stealc payload delivery domain (confidence level: 100%)
service-ftyn94bx-1308675124.cd.apigw.tencentcs.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
api.360com.live | Cobalt Strike botnet C2 domain (confidence level: 100%)
rlfslie.cloud | Cobalt Strike botnet C2 domain (confidence level: 100%)
it2it.tk | Cobalt Strike botnet C2 domain (confidence level: 100%)
progetecloud.online | Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 682acdc2bbaf20d303f1421e

Added to database: 5/19/2025, 6:20:50 AM

Last enriched: 6/18/2025, 9:21:41 AM

Last updated: 8/16/2025, 12:26:28 PM

