ThreatFox IOCs for 2023-03-06
AI Analysis
Technical Summary
The provided threat intelligence relates to 'ThreatFox IOCs for 2023-03-06,' categorized as malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data originates from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) related to malware and cyber threats. The threat is tagged as 'type:osint' and 'tlp:white,' indicating that the information is intended for broad public sharing without restrictions. The technical details specify a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or detection across networks. No specific affected versions or products are listed, and no patches or known exploits in the wild are reported. The absence of CWEs (Common Weakness Enumerations) and specific indicators implies that this intelligence is primarily focused on sharing IOCs rather than detailing a particular vulnerability or exploit. The malware appears to be involved in network activity and payload delivery, which typically indicates attempts to infiltrate systems, establish persistence, or exfiltrate data. However, the lack of detailed technical indicators or exploit mechanisms limits the ability to fully characterize the malware's behavior or capabilities. Overall, this threat intelligence serves as a situational awareness update, providing organizations with IOCs to detect potential malicious activity related to this malware family or campaign.
Potential Impact
For European organizations, the impact of this threat is currently assessed as medium, consistent with the provided severity rating. Given the malware's association with OSINT, network activity, and payload delivery, potential impacts include unauthorized network access, data exfiltration, and the introduction of malicious payloads that could disrupt operations or compromise sensitive information. The lack of known exploits in the wild and absence of patchable vulnerabilities suggest that the threat is more about detection and monitoring rather than immediate exploitation. However, organizations with extensive network infrastructures or those involved in sensitive sectors such as finance, critical infrastructure, or government may face increased risk if the malware payloads evolve or are leveraged in targeted campaigns. The broad distribution rating indicates that the malware or its indicators may be widespread, increasing the likelihood of incidental exposure. The absence of detailed technical indicators means that detection relies heavily on updated threat intelligence feeds and network monitoring capabilities. Consequently, the threat could lead to increased incident response workloads and necessitate enhanced vigilance in network traffic analysis and endpoint monitoring.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection capabilities specific to this malware's network activity and payload delivery patterns.
2. Conduct regular network traffic analysis focusing on unusual outbound connections or payload delivery attempts, leveraging behavioral analytics to identify anomalies that generic signature-based tools might miss.
3. Employ endpoint detection and response (EDR) solutions configured to monitor for suspicious payload execution and lateral movement attempts, even in the absence of known signatures.
4. Establish a threat hunting program that actively searches for signs of this malware using the latest IOCs and related threat intelligence, prioritizing high-value assets and critical network segments.
5. Maintain rigorous patch management and system hardening practices to reduce the attack surface, despite no specific patches being available for this threat, as general vulnerabilities could be exploited in conjunction with this malware.
6. Enhance user awareness training to recognize phishing or social engineering tactics that might be used to deliver the payload, as user interaction vectors are common in malware distribution.
7. Collaborate with national and European cybersecurity information sharing organizations to receive timely updates and contextual intelligence that could refine detection and response strategies.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: ffb26c5c-b2fb-4f65-bdd0-86717bac2102
- Original Timestamp: 1678147383
file102.46.73.102 | QakBot botnet C2 server (confidence level: 100%) | |
file87.223.81.32 | QakBot botnet C2 server (confidence level: 100%) | |
file116.74.164.150 | QakBot botnet C2 server (confidence level: 100%) | |
file109.149.148.242 | QakBot botnet C2 server (confidence level: 100%) | |
file202.187.239.34 | QakBot botnet C2 server (confidence level: 100%) | |
file217.165.230.100 | QakBot botnet C2 server (confidence level: 100%) | |
file86.98.212.69 | QakBot botnet C2 server (confidence level: 100%) | |
file41.62.129.151 | QakBot botnet C2 server (confidence level: 100%) | |
file37.186.55.152 | QakBot botnet C2 server (confidence level: 100%) | |
file171.97.42.222 | QakBot botnet C2 server (confidence level: 100%) | |
file86.99.51.33 | QakBot botnet C2 server (confidence level: 100%) | |
file80.1.152.201 | QakBot botnet C2 server (confidence level: 100%) | |
file31.167.215.175 | QakBot botnet C2 server (confidence level: 100%) | |
file82.212.119.175 | QakBot botnet C2 server (confidence level: 100%) | |
file85.139.118.210 | QakBot botnet C2 server (confidence level: 100%) | |
file1.15.120.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.10.111.192 | SharkBot botnet C2 server (confidence level: 75%) | |
file176.10.111.199 | SharkBot botnet C2 server (confidence level: 75%) | |
file185.219.220.78 | SharkBot botnet C2 server (confidence level: 75%) | |
file185.219.220.136 | SharkBot botnet C2 server (confidence level: 75%) | |
file104.168.151.120 | BumbleBee botnet C2 server (confidence level: 75%) | |
file95.217.221.82 | Vidar botnet C2 server (confidence level: 100%) | |
file116.202.8.130 | Vidar botnet C2 server (confidence level: 100%) | |
file65.109.12.165 | Vidar botnet C2 server (confidence level: 100%) | |
file147.185.221.229 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file194.87.68.68 | Sliver botnet C2 server (confidence level: 50%) | |
file194.87.68.68 | Sliver botnet C2 server (confidence level: 50%) | |
file146.70.124.72 | Unknown malware botnet C2 server (confidence level: 50%) | |
file112.29.177.90 | Deimos botnet C2 server (confidence level: 50%) | |
file112.29.177.91 | Deimos botnet C2 server (confidence level: 50%) | |
file112.29.177.98 | Deimos botnet C2 server (confidence level: 50%) | |
file115.178.77.145 | Deimos botnet C2 server (confidence level: 50%) | |
file150.230.194.159 | Deimos botnet C2 server (confidence level: 50%) | |
file23.254.225.130 | BumbleBee botnet C2 server (confidence level: 100%) | |
file51.83.248.92 | BumbleBee botnet C2 server (confidence level: 100%) | |
file54.227.224.229 | BianLian botnet C2 server (confidence level: 50%) | |
file54.227.224.229 | BianLian botnet C2 server (confidence level: 50%) | |
file95.213.145.101 | BianLian botnet C2 server (confidence level: 50%) | |
file216.238.83.131 | BianLian botnet C2 server (confidence level: 50%) | |
file23.94.57.167 | Kaiji botnet C2 server (confidence level: 75%) | |
file94.131.105.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.26.192.11 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.91.81.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file79.137.198.115 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file5.255.102.167 | IcedID botnet C2 server (confidence level: 75%) | |
file20.189.26.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.112.151.108 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file163.123.142.213 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Hash
Domain
Threat ID: 682acdc2bbaf20d303f1421e
Added to database: 5/19/2025, 6:20:50 AM
Last enriched: 6/18/2025, 9:21:41 AM
Last updated: 8/17/2025, 9:34:09 AM