ThreatFox IOCs for 2023-04-13

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat intelligence pertains to a collection of Indicators of Compromise (IOCs) published on April 13, 2023, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data. However, the information lacks specific details about the malware family, attack vectors, affected software versions, or technical exploitation methods. The threat level is indicated as low to medium (threatLevel: 2), with limited analysis available (analysis: 1), and a moderate distribution level (distribution: 3), suggesting some degree of spread or detection in the wild but no confirmed active exploitation. No known exploits are reported, and no patches or mitigations are directly linked to this threat. The absence of CWEs (Common Weakness Enumerations) and detailed technical indicators limits the ability to precisely characterize the malware's behavior or impact. The TLP (Traffic Light Protocol) classification is white, indicating the information is publicly shareable without restriction. Overall, this threat intelligence entry appears to be an early-stage or low-confidence report of malware-related IOCs collected via OSINT methods, without concrete evidence of active exploitation or targeted campaigns at this time.

Potential Impact

Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely low to medium. The threat could potentially lead to malware infections if the IOCs correspond to active malicious infrastructure or payloads, which might compromise confidentiality, integrity, or availability depending on the malware's capabilities. However, without specifics on the malware's functionality, propagation methods, or targeted systems, it is difficult to assess direct operational or data loss risks. European organizations relying heavily on OSINT tools or platforms that might ingest or interact with these IOCs could face increased exposure if these indicators are integrated into security monitoring without proper validation. Additionally, the moderate distribution level suggests some presence in the wild, which could lead to opportunistic infections or reconnaissance activities. The lack of known exploits and patches implies that organizations should remain vigilant but are not currently facing an active, high-severity threat.

Mitigation Recommendations

1. Validate and contextualize IOCs before integrating them into detection systems to avoid false positives or unnecessary alerts. 2. Maintain robust endpoint protection and network monitoring to detect anomalous activities potentially related to malware infections. 3. Employ threat intelligence sharing platforms to stay updated on any developments or new indicators related to this threat. 4. Conduct regular security awareness training focusing on recognizing and reporting suspicious activities, especially related to OSINT tools and data sources. 5. Implement strict access controls and segmentation for systems involved in OSINT data collection and analysis to limit potential lateral movement. 6. Continuously update and patch all systems and software, even though no specific patches are linked to this threat, to reduce the attack surface. 7. Perform periodic threat hunting exercises using the provided IOCs once validated, to identify any early signs of compromise.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: https://epec.com.bd/blo/me.zip
url: http://171.22.30.147/tony/five/fre.php
domain: jumphe.site
domain: urllink.site
domain: assistpayout.org
domain: devcodejs.org
domain: jsviewdev.org
domain: backendjs.org
domain: devqeury.org
domain: jqueryh.org
domain: jsqur.com
domain: balbalz1.com
file: 79.137.207.54
hash: 5222
file: 81.161.229.109
hash: 1515
file: 18.204.17.193
hash: 80
url: http://618239.clmonth.nyashteam.top/nyashsupport.php
file: 65.21.66.229
hash: 43749
url: https://175.178.35.25/match
file: 175.178.35.25
hash: 443
url: https://85.208.136.119/cnn/cnnx/dai/hds/stream_hd/1/cnnxlive1_4.bootstrap
file: 85.208.136.119
hash: 443
url: http://146.59.33.112/load
file: 146.59.33.112
hash: 80
url: http://101.34.37.185/g.pixel
file: 101.34.37.185
hash: 80
url: https://uhtincswa.cf/match
domain: uhtincswa.cf
url: http://62.204.41.45:8092/cm
url: http://a.bwvwvwv.cf:8880/wp06/wp-includes/po.php
url: http://43.155.75.235:8880/wp08/wp-includes/dtcla.php
url: http://91.213.50.110/load
url: http://208.67.105.148/money/five/fre.php
url: http://47.100.180.123:3003/cx
url: https://47.100.180.123:3004/j.ad
url: https://www.shangxueba.com/reactivate/encryption/lkpfsfmbp
domain: www.shangxueba.com
url: http://45.207.49.206:2090/match
url: https://45.207.49.206:2080/visit.js
url: http://82.157.43.174/j.ad
url: https://45.119.81.95/push
url: http://45.227.253.238:10000/cm
url: http://134.122.170.68:8080/en_us/all.js
url: https://8.142.69.99:55443/ca
file: 135.181.241.192
hash: 4326
url: http://ama.hostiko.com.ug/n9kdjc3xsf/index.php
url: http://ama.hostiko.link/n9kdjc3xsf/index.php
url: https://107.174.66.104/dev/registered/hzuhhw5afpx
url: http://23.94.202.169/dpixel
file: 35.157.111.131
hash: 12761
file: 3.124.67.191
hash: 12761
file: 3.68.56.232
hash: 12761
file: 3.67.15.169
hash: 12761
url: http://107.174.66.104:8443/dev/registered/hzuhhw5afpx
url: http://154.211.12.40/j.ad
file: 78.159.147.45
hash: 995
file: 82.212.107.207
hash: 443
file: 95.60.243.84
hash: 995
file: 190.199.245.138
hash: 2222
file: 209.243.10.63
hash: 443
url: https://134.122.170.68/push
url: http://39.99.232.247:9099/g.pixel
url: https://service-i4suy2ku-1257582847.nj.apigw.tencentcs.com/api/x
domain: service-i4suy2ku-1257582847.nj.apigw.tencentcs.com
file: 129.211.212.75
hash: 443
url: http://43.142.165.143:9999/article/details
url: https://141.98.6.7:8443/__utm.gif
url: http://103.219.104.82:53/match
file: 103.219.104.86
hash: 53
url: http://139.155.90.81:9999/load
url: https://39.99.45.71/sugrec
url: http://82.157.43.174:8787/cx
url: http://124.70.102.47:7777/updates.rss
url: http://124.222.177.70:8086/updates.rss
url: http://23.146.242.90/activity
file: 23.146.242.90
hash: 80
url: http://39.99.45.71/sugrec
file: 39.99.45.71
hash: 80
url: http://144.34.161.133:9999/pixel.gif
url: http://114.115.137.126:9999/cm
url: http://162.14.110.131/match
url: https://23.94.202.169/__utm.gif
domain: ama.hostiko.com.ug
url: http://110.40.214.45/__utm.gif
url: http://103.40.196.156:60182/mozi.m
url: http://101.0.42.123:38892/mozi.m
file: 45.9.168.40
hash: 7888
url: http://112.124.64.221/fwlink
file: 135.181.241.192
hash: 4327
file: 185.106.93.153
hash: 8081
file: 185.106.93.153
hash: 456
url: https://39.103.169.75/include/template/isx.php
url: http://106.53.97.219:8880/en_us/all.js
url: http://service-98cbalut-1302394400.sh.apigw.tencentcs.com/g.pixel
url: http://103.139.2.185:8000/__utm.gif
url: http://18.183.148.215:8080/pixel.gif
hash: d0efe94196b4923eb644ec0b53d226cc
hash: cf36bf564fbb7d5ec4cec9b0f185f6c9
hash: 82ecb8474efe5fedcb8f57b8aafa93d2
hash: 800db035f9b6f1e86a7f446a8a8e3947
hash: 0e594576bb36b025e80eab7c35dc885e
url: http://totalmassasje.no/schedule.php
url: http://signitivelogics.com/schedule.html
url: http://signitivelogics.com/bmw.html
url: http://literaturaelsalvador.com/instructions.html
url: http://literaturaelsalvador.com/schedule.html
url: http://parquesanrafael.cl/note.html
url: http://inovaoftalmologia.com.br/form.html
url: http://humanecosmetics.com/category/noteworthy/6426-7346-9789
url: http://139.155.242.111:4444/ca
url: http://139.155.242.111:4444/submit.php
file: 139.155.242.111
hash: 4444
hash: c938934c0f5304541087313382aee163e0c5239c
hash: 8eb64670c10505322d45f6114bc9f7de0826e3a1
hash: 3fd43de3c9f7609c52da71c1fc4c01ce0b5ac74c
hash: 381a3c6c7e119f58dfde6f03a9890353a20badfa1bfa7c38ede62c6b0692103c
hash: e957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98
hash: 4d92a4cecb62d237647a20d2cdfd944d5a29c1a14b274d729e9c8ccca1f0b68b
hash: 83863beee3502e42ced7e4b6dacb9eac
hash: 0e5ed33778ee9c020aa067546384abcb
hash: f532c0247b683de8936982e86876093b
hash: abc87df854f31725dd1d7231f6f07354
hash: 2ffaa8cbc7f0d21d03d3dd897d974dba
hash: 5b6d8a474c556fe327004ed8a33edcdb
hash: d9d40cb3e2fe05cf223dc0b592a592c132340042
hash: fbb482415f5312ed64b3a0ebee7fed5e6610c21a
hash: f61e0d09be2fc81d6f325aa7041be6136a747c2d
hash: e418d37fdcf4c288884bfe744b416cbdb0243a9e
hash: 22adbffd1dbf3e13d036f936049a2e98
hash: db2d9d2704d320ecbd606a8720c22559
hash: 166f7269c2a69d8d1294a753f9e53214
hash: 1609bcb75babd9a3e823811b4329b3b9
hash: d2027751280330559d1b42867e063a0f
hash: bd4cbcd9161e365067d0279b63a784ac
hash: 8dcac7513d569ca41126987d876a9940
hash: 3aca0abdd7ec958a539705d5a4244196
hash: 9159d3c58c5d970ed25c2db9c9487d7a
hash: 52932be0bd8e381127aab9c639e6699fd1ecf268
hash: ca1ef3aeed9c0c5cfa355b6255a5ab238229a051
hash: 02cd4148754c9337dfa2c3b0c31d9fdd064616a0
hash: 86dcdf623d0951e2f804c9fb4ef816fa5e6a22c3
hash: 15511f1944d96b6b51291e3a68a2a1a560d95305
hash: b91e71d8867ed8bf33ec39d07f4f7fa2c1eeb386
hash: 1f65d068d0fbaec88e6bcce5f83771ab42a7a8c5
hash: bacb46d2ce5dfcaf8544125903f69f01091bc3d6
hash: 6382ae2061c865ddcb9337f155ae2d036e232dfe
hash: c03292fca415b51d08da32e2f7226f66382eb391e19d53e3d81e3e3ba73aa8c1
hash: 18cc4c1577a5b3793ecc1e14db2883ffc6bf7c9792cf22d953c1482ffc124f5a
hash: 3c4c2ade1d7a2c55d3df4c19de72a9a6f68d7a281f44a0336e55b6d0f54ec36a
hash: 91b42488d1b8e5b547b945714c76c2af16b9566b35757bf055cec1fee9dff1b0
hash: 35271a5d3b8e046546417d174abd0839b9b5adfc6b89990fc67c852aafa9ebb0
hash: 673f91a2085358e3266f466845366f30cf741060edeb31e9a93e2c92033bba28
hash: 9c6683fbb0bf44557472bcef94c213c25a56df539f46449a487a40eecb828a14
hash: 10f1c5462eb006246cb7af5d696163db5facc452befbfd525f72507bb925131d
hash: a42dd6bea439b79db90067b84464e755488b784c3ee2e64ef169b9dcdd92b069
hash: 15d6036b6b8283571f947d325ea77364c9d48bfa064a865cd24678a466aa5e38
url: http://pateke.com/auth/login.php
hash: 65b35ef533836d6c577199289365ebf6
domain: sound.gloom37.zahidgo.ru
domain: zahidgo.ru
domain: alandiy7.com
domain: alandiy6.com
file: 78.153.130.72
hash: 80
hash: bfda05703188bdd2e02d8c0d5daddf0a
hash: 84c82835a5d21bbcf75a61706d8ab549
hash: bc0ff2276bca245852d9a8e2d830fc2b
hash: d2be1a27f18573db2219d3637391225d
hash: c47bba8a8821ace4dec8e4a83bcf5d86
hash: 920ef2a079ce71b0918e15448b850d26
url: https://techvibeo.com/files2/lbusiness%20plan%202023.lnk
domain: cnzz.fnxitong.com
domain: fnxitong.com
domain: so.fnxitong.com
file: 206.233.128.170
hash: 99
url: http://so.fnxitong.com:99/tongji.php
file: 18.198.77.177
hash: 11915
file: 35.158.159.254
hash: 11915
file: 3.121.139.82
hash: 11915
file: 3.127.59.75
hash: 11915
file: 52.28.112.211
hash: 11915
url: https://humanecosmetics.com/category/noteworthy/8264-1537-9826
url: https://gatewan.com/c/msdownload/update/others/2021/10/8padbdxltoki3eh8
url: https://gatewan.com/c/msdownload/update/others/2021/10/pgyhuorusiufant8aj
url: https://gatewan.com/c/msdownload/update/others/2021/10/se9fw4z8wjtmmypqu
domain: gatewan.com
url: http://atoz.supply/blo/me.zip
url: http://multconsultlaboratries.com/blo/me.zip
url: http://nutrisc.com.br/blo/me.zip
url: https://watersedgebunbury.com.au/blo/me.zip
url: http://1.14.127.220/visit.js
file: 1.14.127.220
hash: 80
file: 172.247.9.229
hash: 8443
url: http://82.157.43.174:82/en_us/all.js
url: https://topronet.com/ky.html
domain: topronet.com
file: 77.91.86.176
hash: 443
url: http://107.172.201.137:8082/visit.js
url: https://qw.mssexec.com/massaction
domain: qw.mssexec.com
url: https://as.mssexec.com/massaction
domain: as.mssexec.com
url: https://zx.mssexec.com/massaction
domain: zx.mssexec.com
file: 38.132.122.149
hash: 443
url: http://82.157.177.73:8081/ga.js
url: http://68.183.237.202:56226/pixel.gif
url: http://1.14.110.244:5678/pixel
url: http://service-dmasysh1-1309196782.sh.apigw.tencentcs.com/api/x
domain: service-dmasysh1-1309196782.sh.apigw.tencentcs.com
file: 111.92.243.74
hash: 80
file: 172.247.9.227
hash: 8443
url: http://1.117.71.188:8155/fwlink
url: http://114.115.137.126:8099/match
url: https://service-kaic9luv-1307760246.sh.apigw.tencentcs.com/api/x
domain: service-kaic9luv-1307760246.sh.apigw.tencentcs.com
file: 124.223.3.171
hash: 443
url: http://121.199.165.204/push
file: 121.199.165.204
hash: 80
file: 82.157.177.73
hash: 8082
url: http://43.134.238.101:60061/pixel.gif
url: http://101.37.31.139/dot.gif
file: 101.37.31.139
hash: 80
file: 172.247.9.230
hash: 8443
url: http://124.221.207.103:8008/ie9compatviewlist.xml
url: http://88.87.69.116:88/j.ad
url: https://124.70.54.58/dot.gif
file: 124.70.54.58
hash: 443
url: http://81.68.137.215:65534/api/getit
url: http://47.120.3.85/__utm.gif
file: 47.120.3.85
hash: 80
url: http://47.120.3.85:6667/visit.js
url: https://www.amz123.world/ga.js
domain: www.amz123.world
file: 82.157.177.73
hash: 443
url: http://www.amz123.world:8080/j.ad
file: 82.157.177.73
hash: 8080
url: http://124.223.79.97:8443/en_us/all.js
url: http://119.91.45.113:55891/complete/pr/h6tcqrwr
url: http://124.223.202.105/__utm.gif
file: 124.223.202.105
hash: 80
url: http://45.77.40.86:8082/www/handle/doc
url: https://143.92.58.97/microsoftupdate/shellex/kb242742/default.aspx
file: 143.92.58.97
hash: 443
url: http://www.amz123.world:2082/activity
file: 82.157.177.73
hash: 2082
file: 140.99.164.213
hash: 443
file: 87.251.64.208
hash: 443
file: 217.199.121.56
hash: 443
file: 45.81.243.48
hash: 44178
file: 195.201.251.197
hash: 80
file: 49.12.118.167
hash: 80
url: http://195.201.251.197/
url: http://49.12.118.167/
url: http://195.201.251.197/download.zip
url: http://49.12.118.167/download.zip
url: http://194.165.59.51/555555.dat
url: http://203.96.177.111/555555.dat
url: http://87.236.146.236/555555.dat
url: http://91.193.19.217/555555.dat
url: http://94.131.101.15/555555.dat
url: http://94.131.117.45/555555.dat
url: https://31its.com/blo/me.zip
url: https://7starsq8.com/blo/me.zip
url: https://aaa4title.com/blo/me.zip
url: https://adamsdramatictenor.com/blo/me.zip
url: https://almacorp.com/blo/me.zip
url: https://alphahelixconsulting.com/blo/me.zip
url: https://amaxtravel.com/blo/me.zip
url: https://anwaralseraj-eng.com/blo/me.zip
url: https://apartmengreenpramukacity.com/blo/me.zip
url: https://asgharintl.net/blo/me.zip
url: https://auto1.pk/blo/me.zip
url: https://axcltrading.com/blo/me.zip
url: https://axtwelding.com/blo/me.zip
url: https://baumadera.cl/blo/me.zip
url: https://bernardkhalil.com/blo/me.zip
url: https://bloomingbuddy.com/blo/me.zip
url: https://bookmytrip.us/blo/me.zip
url: https://campfishtank.com/blo/me.zip
url: https://candlestickpilates.com/blo/me.zip
url: https://chadservices.net/blo/me.zip
url: https://ciff.org/blo/me.zip
url: https://demo.bbits.solutions/blo/me.zip
url: https://dufontfaes.com/blo/me.zip
url: https://garrisonsloan.com/blo/me.zip
url: https://goldenface.org/blo/me.zip
url: https://hillcrestfoods.com/blo/me.zip
url: https://ilodges.co.uk/blo/me.zip
url: https://jobsnstudy.com/blo/me.zip
url: https://luburoadschool.com/blo/me.zip
url: https://makemyadvertisement.com/blo/me.zip
url: https://maxwellintl.com/blo/me.zip
url: https://mimiagaengineeringgroup.com/blo/me.zip
url: https://mirrornews.in/blo/me.zip
url: https://orionsolconsulting.com/blo/me.zip
url: https://pax.bjm.mybluehost.me/blo/me.zip
url: https://printstore.com.pk/blo/me.zip
url: https://profabdulqayyum.com/blo/me.zip
url: https://promoterst.xyz/blo/me.zip
url: https://regjoubertattorneys.co.za/blo/me.zip
url: https://royanspa.com/blo/me.zip
url: https://safe.bbits.solutions/blo/me.zip
url: https://silkroutemag.com/blo/me.zip
url: https://spicevillagedmv.com/blo/me.zip
url: https://switchandretain.com/blo/me.zip
url: https://tevoi.info/blo/me.zip
url: https://tuwebb.net/blo/me.zip
url: https://ukquestion.com/blo/me.zip
url: https://websitedesign.com.mm/blo/me.zip
url: https://webstdy.com/blo/me.zip
url: https://yourcarsolution.com/blo/me.zip
file: 90.78.147.141
hash: 2222
file: 41.230.171.196
hash: 443
file: 86.176.144.145
hash: 2222
file: 116.74.164.235
hash: 443
file: 87.200.170.30
hash: 443
file: 124.149.143.189
hash: 2222
file: 74.102.98.63
hash: 2222
file: 68.229.150.95
hash: 443
file: 103.144.201.56
hash: 2078
file: 92.118.36.252
hash: 80
domain: ber6vjyb.com
url: http://ber6vjyb.com/dns.php
hash: c0f8aeeb2d11c6e751ee87c40ee609aceb1c1036706a5af0d3d78738b6cc4125
url: http://182.122.255.102:50006/mozi.m
file: 134.209.122.158
hash: 31337
file: 134.209.122.158
hash: 8888
file: 35.73.220.65
hash: 80
file: 139.180.144.223
hash: 7443
file: 18.204.17.193
hash: 443
file: 18.204.17.193
hash: 8443
file: 54.70.125.21
hash: 443
file: 54.70.125.21
hash: 8080
file: 95.179.251.217
hash: 443
file: 104.200.73.117
hash: 8443
file: 172.245.128.35
hash: 7854
url: http://aaa4title.com/blo/me.zip
url: https://arjunanewsonline.com/blo/me.zip
url: http://dsostermanlaw.com/forum/viewtopic.php
url: http://nefcapital.com/forum/viewtopic.php
file: 79.137.202.0
hash: 25828
url: http://orionsolconsulting.com/blo/me.zip
url: https://blogonnet.com/blo/me.zip
url: https://api.telegram.org/bot6174413593:aaefjffmmgkhkg-43mzw2pt5eat6z2bs9ug/
url: https://121.37.163.196:9090/ga.js
file: 172.247.9.228
hash: 8443
url: http://23.224.143.23/g.pixel
file: 23.224.143.23
hash: 80
url: https://173.82.195.131:10998/__utm.gif
url: http://23.146.242.90/fwlink
file: 23.146.242.90
hash: 443
url: http://112.124.64.221/ie9compatviewlist.xml
file: 112.124.64.221
hash: 443
url: https://107.175.134.41:4431/cx

ThreatFox IOCs for 2023-04-13

Severity: medium

Type: malware

ThreatFox IOCs for 2023-04-13

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: https://epec.com.bd/blo/me.zip
url: http://171.22.30.147/tony/five/fre.php
domain: jumphe.site
domain: urllink.site
domain: assistpayout.org
domain: devcodejs.org
domain: jsviewdev.org
domain: backendjs.org
domain: devqeury.org
domain: jqueryh.org
domain: jsqur.com
domain: balbalz1.com
file: 79.137.207.54
hash: 5222
file: 81.161.229.109
hash: 1515
file: 18.204.17.193
hash: 80
url: http://618239.clmonth.nyashteam.top/nyashsupport.php
file: 65.21.66.229
hash: 43749
url: https://175.178.35.25/match
file: 175.178.35.25
hash: 443
url: https://85.208.136.119/cnn/cnnx/dai/hds/stream_hd/1/cnnxlive1_4.bootstrap
file: 85.208.136.119
hash: 443
url: http://146.59.33.112/load
file: 146.59.33.112
hash: 80
url: http://101.34.37.185/g.pixel
file: 101.34.37.185
hash: 80
url: https://uhtincswa.cf/match
domain: uhtincswa.cf
url: http://62.204.41.45:8092/cm
url: http://a.bwvwvwv.cf:8880/wp06/wp-includes/po.php
url: http://43.155.75.235:8880/wp08/wp-includes/dtcla.php
url: http://91.213.50.110/load
url: http://208.67.105.148/money/five/fre.php
url: http://47.100.180.123:3003/cx
url: https://47.100.180.123:3004/j.ad
url: https://www.shangxueba.com/reactivate/encryption/lkpfsfmbp
domain: www.shangxueba.com
url: http://45.207.49.206:2090/match
url: https://45.207.49.206:2080/visit.js
url: http://82.157.43.174/j.ad
url: https://45.119.81.95/push
url: http://45.227.253.238:10000/cm
url: http://134.122.170.68:8080/en_us/all.js
url: https://8.142.69.99:55443/ca
file: 135.181.241.192
hash: 4326
url: http://ama.hostiko.com.ug/n9kdjc3xsf/index.php
url: http://ama.hostiko.link/n9kdjc3xsf/index.php
url: https://107.174.66.104/dev/registered/hzuhhw5afpx
url: http://23.94.202.169/dpixel
file: 35.157.111.131
hash: 12761
file: 3.124.67.191
hash: 12761
file: 3.68.56.232
hash: 12761
file: 3.67.15.169
hash: 12761
url: http://107.174.66.104:8443/dev/registered/hzuhhw5afpx
url: http://154.211.12.40/j.ad
file: 78.159.147.45
hash: 995
file: 82.212.107.207
hash: 443
file: 95.60.243.84
hash: 995
file: 190.199.245.138
hash: 2222
file: 209.243.10.63
hash: 443
url: https://134.122.170.68/push
url: http://39.99.232.247:9099/g.pixel
url: https://service-i4suy2ku-1257582847.nj.apigw.tencentcs.com/api/x
domain: service-i4suy2ku-1257582847.nj.apigw.tencentcs.com
file: 129.211.212.75
hash: 443
url: http://43.142.165.143:9999/article/details
url: https://141.98.6.7:8443/__utm.gif
url: http://103.219.104.82:53/match
file: 103.219.104.86
hash: 53
url: http://139.155.90.81:9999/load
url: https://39.99.45.71/sugrec
url: http://82.157.43.174:8787/cx
url: http://124.70.102.47:7777/updates.rss
url: http://124.222.177.70:8086/updates.rss
url: http://23.146.242.90/activity
file: 23.146.242.90
hash: 80
url: http://39.99.45.71/sugrec
file: 39.99.45.71
hash: 80
url: http://144.34.161.133:9999/pixel.gif
url: http://114.115.137.126:9999/cm
url: http://162.14.110.131/match
url: https://23.94.202.169/__utm.gif
domain: ama.hostiko.com.ug
url: http://110.40.214.45/__utm.gif
url: http://103.40.196.156:60182/mozi.m
url: http://101.0.42.123:38892/mozi.m
file: 45.9.168.40
hash: 7888
url: http://112.124.64.221/fwlink
file: 135.181.241.192
hash: 4327
file: 185.106.93.153
hash: 8081
file: 185.106.93.153
hash: 456
url: https://39.103.169.75/include/template/isx.php
url: http://106.53.97.219:8880/en_us/all.js
url: http://service-98cbalut-1302394400.sh.apigw.tencentcs.com/g.pixel
url: http://103.139.2.185:8000/__utm.gif
url: http://18.183.148.215:8080/pixel.gif
hash: d0efe94196b4923eb644ec0b53d226cc
hash: cf36bf564fbb7d5ec4cec9b0f185f6c9
hash: 82ecb8474efe5fedcb8f57b8aafa93d2
hash: 800db035f9b6f1e86a7f446a8a8e3947
hash: 0e594576bb36b025e80eab7c35dc885e
url: http://totalmassasje.no/schedule.php
url: http://signitivelogics.com/schedule.html
url: http://signitivelogics.com/bmw.html
url: http://literaturaelsalvador.com/instructions.html
url: http://literaturaelsalvador.com/schedule.html
url: http://parquesanrafael.cl/note.html
url: http://inovaoftalmologia.com.br/form.html
url: http://humanecosmetics.com/category/noteworthy/6426-7346-9789
url: http://139.155.242.111:4444/ca
url: http://139.155.242.111:4444/submit.php
file: 139.155.242.111
hash: 4444
hash: c938934c0f5304541087313382aee163e0c5239c
hash: 8eb64670c10505322d45f6114bc9f7de0826e3a1
hash: 3fd43de3c9f7609c52da71c1fc4c01ce0b5ac74c
hash: 381a3c6c7e119f58dfde6f03a9890353a20badfa1bfa7c38ede62c6b0692103c
hash: e957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98
hash: 4d92a4cecb62d237647a20d2cdfd944d5a29c1a14b274d729e9c8ccca1f0b68b
hash: 83863beee3502e42ced7e4b6dacb9eac
hash: 0e5ed33778ee9c020aa067546384abcb
hash: f532c0247b683de8936982e86876093b
hash: abc87df854f31725dd1d7231f6f07354
hash: 2ffaa8cbc7f0d21d03d3dd897d974dba
hash: 5b6d8a474c556fe327004ed8a33edcdb
hash: d9d40cb3e2fe05cf223dc0b592a592c132340042
hash: fbb482415f5312ed64b3a0ebee7fed5e6610c21a
hash: f61e0d09be2fc81d6f325aa7041be6136a747c2d
hash: e418d37fdcf4c288884bfe744b416cbdb0243a9e
hash: 22adbffd1dbf3e13d036f936049a2e98
hash: db2d9d2704d320ecbd606a8720c22559
hash: 166f7269c2a69d8d1294a753f9e53214
hash: 1609bcb75babd9a3e823811b4329b3b9
hash: d2027751280330559d1b42867e063a0f
hash: bd4cbcd9161e365067d0279b63a784ac
hash: 8dcac7513d569ca41126987d876a9940
hash: 3aca0abdd7ec958a539705d5a4244196
hash: 9159d3c58c5d970ed25c2db9c9487d7a
hash: 52932be0bd8e381127aab9c639e6699fd1ecf268
hash: ca1ef3aeed9c0c5cfa355b6255a5ab238229a051
hash: 02cd4148754c9337dfa2c3b0c31d9fdd064616a0
hash: 86dcdf623d0951e2f804c9fb4ef816fa5e6a22c3
hash: 15511f1944d96b6b51291e3a68a2a1a560d95305
hash: b91e71d8867ed8bf33ec39d07f4f7fa2c1eeb386
hash: 1f65d068d0fbaec88e6bcce5f83771ab42a7a8c5
hash: bacb46d2ce5dfcaf8544125903f69f01091bc3d6
hash: 6382ae2061c865ddcb9337f155ae2d036e232dfe
hash: c03292fca415b51d08da32e2f7226f66382eb391e19d53e3d81e3e3ba73aa8c1
hash: 18cc4c1577a5b3793ecc1e14db2883ffc6bf7c9792cf22d953c1482ffc124f5a
hash: 3c4c2ade1d7a2c55d3df4c19de72a9a6f68d7a281f44a0336e55b6d0f54ec36a
hash: 91b42488d1b8e5b547b945714c76c2af16b9566b35757bf055cec1fee9dff1b0
hash: 35271a5d3b8e046546417d174abd0839b9b5adfc6b89990fc67c852aafa9ebb0
hash: 673f91a2085358e3266f466845366f30cf741060edeb31e9a93e2c92033bba28
hash: 9c6683fbb0bf44557472bcef94c213c25a56df539f46449a487a40eecb828a14
hash: 10f1c5462eb006246cb7af5d696163db5facc452befbfd525f72507bb925131d
hash: a42dd6bea439b79db90067b84464e755488b784c3ee2e64ef169b9dcdd92b069
hash: 15d6036b6b8283571f947d325ea77364c9d48bfa064a865cd24678a466aa5e38
url: http://pateke.com/auth/login.php
hash: 65b35ef533836d6c577199289365ebf6
domain: sound.gloom37.zahidgo.ru
domain: zahidgo.ru
domain: alandiy7.com
domain: alandiy6.com
file: 78.153.130.72
hash: 80
hash: bfda05703188bdd2e02d8c0d5daddf0a
hash: 84c82835a5d21bbcf75a61706d8ab549
hash: bc0ff2276bca245852d9a8e2d830fc2b
hash: d2be1a27f18573db2219d3637391225d
hash: c47bba8a8821ace4dec8e4a83bcf5d86
hash: 920ef2a079ce71b0918e15448b850d26
url: https://techvibeo.com/files2/lbusiness%20plan%202023.lnk
domain: cnzz.fnxitong.com
domain: fnxitong.com
domain: so.fnxitong.com
file: 206.233.128.170
hash: 99
url: http://so.fnxitong.com:99/tongji.php
file: 18.198.77.177
hash: 11915
file: 35.158.159.254
hash: 11915
file: 3.121.139.82
hash: 11915
file: 3.127.59.75
hash: 11915
file: 52.28.112.211
hash: 11915
url: https://humanecosmetics.com/category/noteworthy/8264-1537-9826
url: https://gatewan.com/c/msdownload/update/others/2021/10/8padbdxltoki3eh8
url: https://gatewan.com/c/msdownload/update/others/2021/10/pgyhuorusiufant8aj
url: https://gatewan.com/c/msdownload/update/others/2021/10/se9fw4z8wjtmmypqu
domain: gatewan.com
url: http://atoz.supply/blo/me.zip
url: http://multconsultlaboratries.com/blo/me.zip
url: http://nutrisc.com.br/blo/me.zip
url: https://watersedgebunbury.com.au/blo/me.zip
url: http://1.14.127.220/visit.js
file: 1.14.127.220
hash: 80
file: 172.247.9.229
hash: 8443
url: http://82.157.43.174:82/en_us/all.js
url: https://topronet.com/ky.html
domain: topronet.com
file: 77.91.86.176
hash: 443
url: http://107.172.201.137:8082/visit.js
url: https://qw.mssexec.com/massaction
domain: qw.mssexec.com
url: https://as.mssexec.com/massaction
domain: as.mssexec.com
url: https://zx.mssexec.com/massaction
domain: zx.mssexec.com
file: 38.132.122.149
hash: 443
url: http://82.157.177.73:8081/ga.js
url: http://68.183.237.202:56226/pixel.gif
url: http://1.14.110.244:5678/pixel
url: http://service-dmasysh1-1309196782.sh.apigw.tencentcs.com/api/x
domain: service-dmasysh1-1309196782.sh.apigw.tencentcs.com
file: 111.92.243.74
hash: 80
file: 172.247.9.227
hash: 8443
url: http://1.117.71.188:8155/fwlink
url: http://114.115.137.126:8099/match
url: https://service-kaic9luv-1307760246.sh.apigw.tencentcs.com/api/x
domain: service-kaic9luv-1307760246.sh.apigw.tencentcs.com
file: 124.223.3.171
hash: 443
url: http://121.199.165.204/push
file: 121.199.165.204
hash: 80
file: 82.157.177.73
hash: 8082
url: http://43.134.238.101:60061/pixel.gif
url: http://101.37.31.139/dot.gif
file: 101.37.31.139
hash: 80
file: 172.247.9.230
hash: 8443
url: http://124.221.207.103:8008/ie9compatviewlist.xml
url: http://88.87.69.116:88/j.ad
url: https://124.70.54.58/dot.gif
file: 124.70.54.58
hash: 443
url: http://81.68.137.215:65534/api/getit
url: http://47.120.3.85/__utm.gif
file: 47.120.3.85
hash: 80
url: http://47.120.3.85:6667/visit.js
url: https://www.amz123.world/ga.js
domain: www.amz123.world
file: 82.157.177.73
hash: 443
url: http://www.amz123.world:8080/j.ad
file: 82.157.177.73
hash: 8080
url: http://124.223.79.97:8443/en_us/all.js
url: http://119.91.45.113:55891/complete/pr/h6tcqrwr
url: http://124.223.202.105/__utm.gif
file: 124.223.202.105
hash: 80
url: http://45.77.40.86:8082/www/handle/doc
url: https://143.92.58.97/microsoftupdate/shellex/kb242742/default.aspx
file: 143.92.58.97
hash: 443
url: http://www.amz123.world:2082/activity
file: 82.157.177.73
hash: 2082
file: 140.99.164.213
hash: 443
file: 87.251.64.208
hash: 443
file: 217.199.121.56
hash: 443
file: 45.81.243.48
hash: 44178
file: 195.201.251.197
hash: 80
file: 49.12.118.167
hash: 80
url: http://195.201.251.197/
url: http://49.12.118.167/
url: http://195.201.251.197/download.zip
url: http://49.12.118.167/download.zip
url: http://194.165.59.51/555555.dat
url: http://203.96.177.111/555555.dat
url: http://87.236.146.236/555555.dat
url: http://91.193.19.217/555555.dat
url: http://94.131.101.15/555555.dat
url: http://94.131.117.45/555555.dat
url: https://31its.com/blo/me.zip
url: https://7starsq8.com/blo/me.zip
url: https://aaa4title.com/blo/me.zip
url: https://adamsdramatictenor.com/blo/me.zip
url: https://almacorp.com/blo/me.zip
url: https://alphahelixconsulting.com/blo/me.zip
url: https://amaxtravel.com/blo/me.zip
url: https://anwaralseraj-eng.com/blo/me.zip
url: https://apartmengreenpramukacity.com/blo/me.zip
url: https://asgharintl.net/blo/me.zip
url: https://auto1.pk/blo/me.zip
url: https://axcltrading.com/blo/me.zip
url: https://axtwelding.com/blo/me.zip
url: https://baumadera.cl/blo/me.zip
url: https://bernardkhalil.com/blo/me.zip
url: https://bloomingbuddy.com/blo/me.zip
url: https://bookmytrip.us/blo/me.zip
url: https://campfishtank.com/blo/me.zip
url: https://candlestickpilates.com/blo/me.zip
url: https://chadservices.net/blo/me.zip
url: https://ciff.org/blo/me.zip
url: https://demo.bbits.solutions/blo/me.zip
url: https://dufontfaes.com/blo/me.zip
url: https://garrisonsloan.com/blo/me.zip
url: https://goldenface.org/blo/me.zip
url: https://hillcrestfoods.com/blo/me.zip
url: https://ilodges.co.uk/blo/me.zip
url: https://jobsnstudy.com/blo/me.zip
url: https://luburoadschool.com/blo/me.zip
url: https://makemyadvertisement.com/blo/me.zip
url: https://maxwellintl.com/blo/me.zip
url: https://mimiagaengineeringgroup.com/blo/me.zip
url: https://mirrornews.in/blo/me.zip
url: https://orionsolconsulting.com/blo/me.zip
url: https://pax.bjm.mybluehost.me/blo/me.zip
url: https://printstore.com.pk/blo/me.zip
url: https://profabdulqayyum.com/blo/me.zip
url: https://promoterst.xyz/blo/me.zip
url: https://regjoubertattorneys.co.za/blo/me.zip
url: https://royanspa.com/blo/me.zip
url: https://safe.bbits.solutions/blo/me.zip
url: https://silkroutemag.com/blo/me.zip
url: https://spicevillagedmv.com/blo/me.zip
url: https://switchandretain.com/blo/me.zip
url: https://tevoi.info/blo/me.zip
url: https://tuwebb.net/blo/me.zip
url: https://ukquestion.com/blo/me.zip
url: https://websitedesign.com.mm/blo/me.zip
url: https://webstdy.com/blo/me.zip
url: https://yourcarsolution.com/blo/me.zip
file: 90.78.147.141
hash: 2222
file: 41.230.171.196
hash: 443
file: 86.176.144.145
hash: 2222
file: 116.74.164.235
hash: 443
file: 87.200.170.30
hash: 443
file: 124.149.143.189
hash: 2222
file: 74.102.98.63
hash: 2222
file: 68.229.150.95
hash: 443
file: 103.144.201.56
hash: 2078
file: 92.118.36.252
hash: 80
domain: ber6vjyb.com
url: http://ber6vjyb.com/dns.php
hash: c0f8aeeb2d11c6e751ee87c40ee609aceb1c1036706a5af0d3d78738b6cc4125
url: http://182.122.255.102:50006/mozi.m
file: 134.209.122.158
hash: 31337
file: 134.209.122.158
hash: 8888
file: 35.73.220.65
hash: 80
file: 139.180.144.223
hash: 7443
file: 18.204.17.193
hash: 443
file: 18.204.17.193
hash: 8443
file: 54.70.125.21
hash: 443
file: 54.70.125.21
hash: 8080
file: 95.179.251.217
hash: 443
file: 104.200.73.117
hash: 8443
file: 172.245.128.35
hash: 7854
url: http://aaa4title.com/blo/me.zip
url: https://arjunanewsonline.com/blo/me.zip
url: http://dsostermanlaw.com/forum/viewtopic.php
url: http://nefcapital.com/forum/viewtopic.php
file: 79.137.202.0
hash: 25828
url: http://orionsolconsulting.com/blo/me.zip
url: https://blogonnet.com/blo/me.zip
url: https://api.telegram.org/bot6174413593:aaefjffmmgkhkg-43mzw2pt5eat6z2bs9ug/
url: https://121.37.163.196:9090/ga.js
file: 172.247.9.228
hash: 8443
url: http://23.224.143.23/g.pixel
file: 23.224.143.23
hash: 80
url: https://173.82.195.131:10998/__utm.gif
url: http://23.146.242.90/fwlink
file: 23.146.242.90
hash: 443
url: http://112.124.64.221/ie9compatviewlist.xml
file: 112.124.64.221
hash: 443
url: https://107.175.134.41:4431/cx

Source: ThreatFox

Published: Thu Apr 13 2023

ThreatFox IOCs for 2023-04-13

Medium

Malwaretype:osint tlp:white

Published: Thu Apr 13 2023 (04/13/2023, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2023-04-13

AI-Powered Analysis

AILast updated: 06/19/2025, 13:47:39 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: e89e245c-ee1d-49d5-825d-8a2434bbdf28
Original Timestamp: 1681430586

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://epec.com.bd/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttp://171.22.30.147/tony/five/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://618239.clmonth.nyashteam.top/nyashsupport.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://175.178.35.25/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://85.208.136.119/cnn/cnnx/dai/hds/stream_hd/1/cnnxlive1_4.bootstrap	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://146.59.33.112/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.34.37.185/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://uhtincswa.cf/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://62.204.41.45:8092/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://a.bwvwvwv.cf:8880/wp06/wp-includes/po.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.155.75.235:8880/wp08/wp-includes/dtcla.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://91.213.50.110/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://208.67.105.148/money/five/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://47.100.180.123:3003/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://47.100.180.123:3004/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.shangxueba.com/reactivate/encryption/lkpfsfmbp	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.207.49.206:2090/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://45.207.49.206:2080/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.157.43.174/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://45.119.81.95/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.227.253.238:10000/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://134.122.170.68:8080/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.142.69.99:55443/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://ama.hostiko.com.ug/n9kdjc3xsf/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://ama.hostiko.link/n9kdjc3xsf/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttps://107.174.66.104/dev/registered/hzuhhw5afpx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://23.94.202.169/dpixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://107.174.66.104:8443/dev/registered/hzuhhw5afpx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://154.211.12.40/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://134.122.170.68/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://39.99.232.247:9099/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-i4suy2ku-1257582847.nj.apigw.tencentcs.com/api/x	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.165.143:9999/article/details	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://141.98.6.7:8443/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.219.104.82:53/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.155.90.81:9999/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://39.99.45.71/sugrec	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.157.43.174:8787/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.70.102.47:7777/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.222.177.70:8086/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://23.146.242.90/activity	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://39.99.45.71/sugrec	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://144.34.161.133:9999/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://114.115.137.126:9999/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://162.14.110.131/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.94.202.169/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.40.214.45/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.40.196.156:60182/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttp://101.0.42.123:38892/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttp://112.124.64.221/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://39.103.169.75/include/template/isx.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.53.97.219:8880/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-98cbalut-1302394400.sh.apigw.tencentcs.com/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.139.2.185:8000/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://18.183.148.215:8080/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://totalmassasje.no/schedule.php	Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://signitivelogics.com/schedule.html	Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://signitivelogics.com/bmw.html	Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://literaturaelsalvador.com/instructions.html	Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://literaturaelsalvador.com/schedule.html	Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://parquesanrafael.cl/note.html	Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://inovaoftalmologia.com.br/form.html	Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://humanecosmetics.com/category/noteworthy/6426-7346-9789	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://139.155.242.111:4444/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.155.242.111:4444/submit.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://pateke.com/auth/login.php	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://techvibeo.com/files2/lbusiness%20plan%202023.lnk	DUCKTAIL payload delivery URL (confidence level: 100%)
urlhttp://so.fnxitong.com:99/tongji.php	CopperStealer botnet C2 (confidence level: 100%)
urlhttps://humanecosmetics.com/category/noteworthy/8264-1537-9826	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://gatewan.com/c/msdownload/update/others/2021/10/8padbdxltoki3eh8	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://gatewan.com/c/msdownload/update/others/2021/10/pgyhuorusiufant8aj	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://gatewan.com/c/msdownload/update/others/2021/10/se9fw4z8wjtmmypqu	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://atoz.supply/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttp://multconsultlaboratries.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttp://nutrisc.com.br/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://watersedgebunbury.com.au/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttp://1.14.127.220/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.157.43.174:82/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://topronet.com/ky.html	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://107.172.201.137:8082/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://qw.mssexec.com/massaction	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://as.mssexec.com/massaction	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://zx.mssexec.com/massaction	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.157.177.73:8081/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://68.183.237.202:56226/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.14.110.244:5678/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-dmasysh1-1309196782.sh.apigw.tencentcs.com/api/x	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.117.71.188:8155/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://114.115.137.126:8099/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-kaic9luv-1307760246.sh.apigw.tencentcs.com/api/x	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.199.165.204/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.134.238.101:60061/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.37.31.139/dot.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.221.207.103:8008/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.87.69.116:88/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://124.70.54.58/dot.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://81.68.137.215:65534/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.120.3.85/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.120.3.85:6667/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.amz123.world/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://www.amz123.world:8080/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.223.79.97:8443/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://119.91.45.113:55891/complete/pr/h6tcqrwr	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.223.202.105/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.77.40.86:8082/www/handle/doc	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://143.92.58.97/microsoftupdate/shellex/kb242742/default.aspx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://www.amz123.world:2082/activity	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://195.201.251.197/	Vidar botnet C2 (confidence level: 100%)
urlhttp://49.12.118.167/	Vidar botnet C2 (confidence level: 100%)
urlhttp://195.201.251.197/download.zip	Vidar botnet C2 (confidence level: 100%)
urlhttp://49.12.118.167/download.zip	Vidar botnet C2 (confidence level: 100%)
urlhttp://194.165.59.51/555555.dat	QakBot payload delivery URL (confidence level: 100%)
urlhttp://203.96.177.111/555555.dat	QakBot payload delivery URL (confidence level: 100%)
urlhttp://87.236.146.236/555555.dat	QakBot payload delivery URL (confidence level: 100%)
urlhttp://91.193.19.217/555555.dat	QakBot payload delivery URL (confidence level: 100%)
urlhttp://94.131.101.15/555555.dat	QakBot payload delivery URL (confidence level: 100%)
urlhttp://94.131.117.45/555555.dat	QakBot payload delivery URL (confidence level: 100%)
urlhttps://31its.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://7starsq8.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://aaa4title.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://adamsdramatictenor.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://almacorp.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://alphahelixconsulting.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://amaxtravel.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://anwaralseraj-eng.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://apartmengreenpramukacity.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://asgharintl.net/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://auto1.pk/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://axcltrading.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://axtwelding.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://baumadera.cl/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://bernardkhalil.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://bloomingbuddy.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://bookmytrip.us/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://campfishtank.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://candlestickpilates.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://chadservices.net/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://ciff.org/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://demo.bbits.solutions/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://dufontfaes.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://garrisonsloan.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://goldenface.org/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://hillcrestfoods.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://ilodges.co.uk/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://jobsnstudy.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://luburoadschool.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://makemyadvertisement.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://maxwellintl.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://mimiagaengineeringgroup.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://mirrornews.in/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://orionsolconsulting.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://pax.bjm.mybluehost.me/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://printstore.com.pk/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://profabdulqayyum.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://promoterst.xyz/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://regjoubertattorneys.co.za/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://royanspa.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://safe.bbits.solutions/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://silkroutemag.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://spicevillagedmv.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://switchandretain.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://tevoi.info/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://tuwebb.net/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://ukquestion.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://websitedesign.com.mm/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://webstdy.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://yourcarsolution.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttp://ber6vjyb.com/dns.php	Silence botnet C2 (confidence level: 100%)
urlhttp://182.122.255.102:50006/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttp://aaa4title.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://arjunanewsonline.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttp://dsostermanlaw.com/forum/viewtopic.php	Pony botnet C2 (confidence level: 100%)
urlhttp://nefcapital.com/forum/viewtopic.php	Pony botnet C2 (confidence level: 100%)
urlhttp://orionsolconsulting.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://blogonnet.com/blo/me.zip	QakBot payload delivery URL (confidence level: 100%)
urlhttps://api.telegram.org/bot6174413593:aaefjffmmgkhkg-43mzw2pt5eat6z2bs9ug/	Agent Tesla botnet C2 (confidence level: 100%)
urlhttps://121.37.163.196:9090/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://23.224.143.23/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://173.82.195.131:10998/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://23.146.242.90/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://112.124.64.221/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://107.175.134.41:4431/cx	Cobalt Strike botnet C2 (confidence level: 100%)

Domain

Value	Description	Copy
domainjumphe.site	Joker botnet C2 domain (confidence level: 100%)
domainurllink.site	Joker botnet C2 domain (confidence level: 100%)
domainassistpayout.org	Unknown malware payload delivery domain (confidence level: 100%)
domaindevcodejs.org	Unknown malware payload delivery domain (confidence level: 100%)
domainjsviewdev.org	Unknown malware payload delivery domain (confidence level: 100%)
domainbackendjs.org	Unknown malware payload delivery domain (confidence level: 100%)
domaindevqeury.org	Unknown malware payload delivery domain (confidence level: 100%)
domainjqueryh.org	Unknown malware payload delivery domain (confidence level: 100%)
domainjsqur.com	Unknown malware payload delivery domain (confidence level: 100%)
domainbalbalz1.com	NetSupportManager RAT botnet C2 domain (confidence level: 100%)
domainuhtincswa.cf	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.shangxueba.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-i4suy2ku-1257582847.nj.apigw.tencentcs.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainama.hostiko.com.ug	Amadey botnet C2 domain (confidence level: 50%)
domainsound.gloom37.zahidgo.ru	Unknown malware botnet C2 domain (confidence level: 100%)
domainzahidgo.ru	Unknown malware botnet C2 domain (confidence level: 100%)
domainalandiy7.com	Hydra botnet C2 domain (confidence level: 100%)
domainalandiy6.com	Hydra botnet C2 domain (confidence level: 100%)
domaincnzz.fnxitong.com	CopperStealer botnet C2 domain (confidence level: 100%)
domainfnxitong.com	CopperStealer botnet C2 domain (confidence level: 100%)
domainso.fnxitong.com	CopperStealer botnet C2 domain (confidence level: 100%)
domaingatewan.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintopronet.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainqw.mssexec.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainas.mssexec.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainzx.mssexec.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-dmasysh1-1309196782.sh.apigw.tencentcs.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-kaic9luv-1307760246.sh.apigw.tencentcs.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.amz123.world	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainber6vjyb.com	Silence botnet C2 domain (confidence level: 100%)

File

Value	Description	Copy
file79.137.207.54	NetSupportManager RAT botnet C2 server (confidence level: 75%)
file81.161.229.109	Ave Maria botnet C2 server (confidence level: 100%)
file18.204.17.193	BianLian botnet C2 server (confidence level: 50%)
file65.21.66.229	RedLine Stealer botnet C2 server (confidence level: 100%)
file175.178.35.25	Cobalt Strike botnet C2 server (confidence level: 100%)
file85.208.136.119	Cobalt Strike botnet C2 server (confidence level: 100%)
file146.59.33.112	Cobalt Strike botnet C2 server (confidence level: 100%)
file101.34.37.185	Cobalt Strike botnet C2 server (confidence level: 100%)
file135.181.241.192	RedLine Stealer botnet C2 server (confidence level: 100%)
file35.157.111.131	NjRAT botnet C2 server (confidence level: 100%)
file3.124.67.191	NjRAT botnet C2 server (confidence level: 100%)
file3.68.56.232	NjRAT botnet C2 server (confidence level: 100%)
file3.67.15.169	NjRAT botnet C2 server (confidence level: 100%)
file78.159.147.45	QakBot botnet C2 server (confidence level: 50%)
file82.212.107.207	QakBot botnet C2 server (confidence level: 50%)
file95.60.243.84	QakBot botnet C2 server (confidence level: 50%)
file190.199.245.138	QakBot botnet C2 server (confidence level: 50%)
file209.243.10.63	QakBot botnet C2 server (confidence level: 50%)
file129.211.212.75	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.219.104.86	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.146.242.90	Cobalt Strike botnet C2 server (confidence level: 100%)
file39.99.45.71	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.9.168.40	STRRAT botnet C2 server (confidence level: 100%)
file135.181.241.192	RedLine Stealer botnet C2 server (confidence level: 100%)
file185.106.93.153	Aurora Stealer botnet C2 server (confidence level: 100%)
file185.106.93.153	Aurora Stealer botnet C2 server (confidence level: 100%)
file139.155.242.111	Cobalt Strike botnet C2 server (confidence level: 100%)
file78.153.130.72	Hydra botnet C2 server (confidence level: 75%)
file206.233.128.170	CopperStealer botnet C2 server (confidence level: 75%)
file18.198.77.177	Nanocore RAT botnet C2 server (confidence level: 100%)
file35.158.159.254	Nanocore RAT botnet C2 server (confidence level: 100%)
file3.121.139.82	Nanocore RAT botnet C2 server (confidence level: 100%)
file3.127.59.75	Nanocore RAT botnet C2 server (confidence level: 100%)
file52.28.112.211	Nanocore RAT botnet C2 server (confidence level: 100%)
file1.14.127.220	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.247.9.229	Cobalt Strike botnet C2 server (confidence level: 100%)
file77.91.86.176	Cobalt Strike botnet C2 server (confidence level: 100%)
file38.132.122.149	Cobalt Strike botnet C2 server (confidence level: 100%)
file111.92.243.74	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.247.9.227	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.3.171	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.199.165.204	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.157.177.73	Cobalt Strike botnet C2 server (confidence level: 100%)
file101.37.31.139	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.247.9.230	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.70.54.58	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.3.85	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.157.177.73	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.157.177.73	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.202.105	Cobalt Strike botnet C2 server (confidence level: 100%)
file143.92.58.97	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.157.177.73	Cobalt Strike botnet C2 server (confidence level: 100%)
file140.99.164.213	Cobalt Strike botnet C2 server (confidence level: 100%)
file87.251.64.208	IcedID botnet C2 server (confidence level: 75%)
file217.199.121.56	IcedID botnet C2 server (confidence level: 75%)
file45.81.243.48	RedLine Stealer botnet C2 server (confidence level: 100%)
file195.201.251.197	Vidar botnet C2 server (confidence level: 100%)
file49.12.118.167	Vidar botnet C2 server (confidence level: 100%)
file90.78.147.141	QakBot botnet C2 server (confidence level: 100%)
file41.230.171.196	QakBot botnet C2 server (confidence level: 100%)
file86.176.144.145	QakBot botnet C2 server (confidence level: 100%)
file116.74.164.235	QakBot botnet C2 server (confidence level: 100%)
file87.200.170.30	QakBot botnet C2 server (confidence level: 100%)
file124.149.143.189	QakBot botnet C2 server (confidence level: 100%)
file74.102.98.63	QakBot botnet C2 server (confidence level: 100%)
file68.229.150.95	QakBot botnet C2 server (confidence level: 100%)
file103.144.201.56	QakBot botnet C2 server (confidence level: 100%)
file92.118.36.252	Silence botnet C2 server (confidence level: 100%)
file134.209.122.158	Sliver botnet C2 server (confidence level: 50%)
file134.209.122.158	Sliver botnet C2 server (confidence level: 50%)
file35.73.220.65	Brute Ratel C4 botnet C2 server (confidence level: 50%)
file139.180.144.223	Unknown malware botnet C2 server (confidence level: 50%)
file18.204.17.193	BianLian botnet C2 server (confidence level: 50%)
file18.204.17.193	BianLian botnet C2 server (confidence level: 50%)
file54.70.125.21	BianLian botnet C2 server (confidence level: 50%)
file54.70.125.21	BianLian botnet C2 server (confidence level: 50%)
file95.179.251.217	BianLian botnet C2 server (confidence level: 50%)
file104.200.73.117	BianLian botnet C2 server (confidence level: 50%)
file172.245.128.35	BianLian botnet C2 server (confidence level: 50%)
file79.137.202.0	RedLine Stealer botnet C2 server (confidence level: 100%)
file172.247.9.228	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.224.143.23	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.146.242.90	Cobalt Strike botnet C2 server (confidence level: 100%)
file112.124.64.221	Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash5222	NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash1515	Ave Maria botnet C2 server (confidence level: 100%)
hash80	BianLian botnet C2 server (confidence level: 50%)
hash43749	RedLine Stealer botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4326	RedLine Stealer botnet C2 server (confidence level: 100%)
hash12761	NjRAT botnet C2 server (confidence level: 100%)
hash12761	NjRAT botnet C2 server (confidence level: 100%)
hash12761	NjRAT botnet C2 server (confidence level: 100%)
hash12761	NjRAT botnet C2 server (confidence level: 100%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash53	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7888	STRRAT botnet C2 server (confidence level: 100%)
hash4327	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8081	Aurora Stealer botnet C2 server (confidence level: 100%)
hash456	Aurora Stealer botnet C2 server (confidence level: 100%)
hashd0efe94196b4923eb644ec0b53d226cc	Unknown malware payload (confidence level: 100%)
hashcf36bf564fbb7d5ec4cec9b0f185f6c9	Unknown malware payload (confidence level: 100%)
hash82ecb8474efe5fedcb8f57b8aafa93d2	Unknown malware payload (confidence level: 100%)
hash800db035f9b6f1e86a7f446a8a8e3947	Cobalt Strike payload (confidence level: 100%)
hash0e594576bb36b025e80eab7c35dc885e	Brute Ratel C4 payload (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hashc938934c0f5304541087313382aee163e0c5239c	Unknown malware payload (confidence level: 100%)
hash8eb64670c10505322d45f6114bc9f7de0826e3a1	Unknown malware payload (confidence level: 100%)
hash3fd43de3c9f7609c52da71c1fc4c01ce0b5ac74c	Unknown malware payload (confidence level: 100%)
hash381a3c6c7e119f58dfde6f03a9890353a20badfa1bfa7c38ede62c6b0692103c	Unknown malware payload (confidence level: 100%)
hashe957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98	Unknown malware payload (confidence level: 100%)
hash4d92a4cecb62d237647a20d2cdfd944d5a29c1a14b274d729e9c8ccca1f0b68b	Unknown malware payload (confidence level: 100%)
hash83863beee3502e42ced7e4b6dacb9eac	Unknown malware payload (confidence level: 100%)
hash0e5ed33778ee9c020aa067546384abcb	Unknown malware payload (confidence level: 100%)
hashf532c0247b683de8936982e86876093b	Unknown malware payload (confidence level: 100%)
hashabc87df854f31725dd1d7231f6f07354	Unknown malware payload (confidence level: 100%)
hash2ffaa8cbc7f0d21d03d3dd897d974dba	Unknown malware payload (confidence level: 100%)
hash5b6d8a474c556fe327004ed8a33edcdb	Unknown malware payload (confidence level: 100%)
hashd9d40cb3e2fe05cf223dc0b592a592c132340042	Unknown malware payload (confidence level: 100%)
hashfbb482415f5312ed64b3a0ebee7fed5e6610c21a	Unknown malware payload (confidence level: 100%)
hashf61e0d09be2fc81d6f325aa7041be6136a747c2d	Unknown malware payload (confidence level: 100%)
hashe418d37fdcf4c288884bfe744b416cbdb0243a9e	Unknown malware payload (confidence level: 100%)
hash22adbffd1dbf3e13d036f936049a2e98	Unknown malware payload (confidence level: 100%)
hashdb2d9d2704d320ecbd606a8720c22559	Unknown malware payload (confidence level: 100%)
hash166f7269c2a69d8d1294a753f9e53214	Unknown malware payload (confidence level: 100%)
hash1609bcb75babd9a3e823811b4329b3b9	Unknown malware payload (confidence level: 100%)
hashd2027751280330559d1b42867e063a0f	Unknown malware payload (confidence level: 100%)
hashbd4cbcd9161e365067d0279b63a784ac	Unknown malware payload (confidence level: 100%)
hash8dcac7513d569ca41126987d876a9940	Unknown malware payload (confidence level: 100%)
hash3aca0abdd7ec958a539705d5a4244196	Unknown malware payload (confidence level: 100%)
hash9159d3c58c5d970ed25c2db9c9487d7a	Unknown malware payload (confidence level: 100%)
hash52932be0bd8e381127aab9c639e6699fd1ecf268	Unknown malware payload (confidence level: 100%)
hashca1ef3aeed9c0c5cfa355b6255a5ab238229a051	Unknown malware payload (confidence level: 100%)
hash02cd4148754c9337dfa2c3b0c31d9fdd064616a0	Unknown malware payload (confidence level: 100%)
hash86dcdf623d0951e2f804c9fb4ef816fa5e6a22c3	Unknown malware payload (confidence level: 100%)
hash15511f1944d96b6b51291e3a68a2a1a560d95305	Unknown malware payload (confidence level: 100%)
hashb91e71d8867ed8bf33ec39d07f4f7fa2c1eeb386	Unknown malware payload (confidence level: 100%)
hash1f65d068d0fbaec88e6bcce5f83771ab42a7a8c5	Unknown malware payload (confidence level: 100%)
hashbacb46d2ce5dfcaf8544125903f69f01091bc3d6	Unknown malware payload (confidence level: 100%)
hash6382ae2061c865ddcb9337f155ae2d036e232dfe	Unknown malware payload (confidence level: 100%)
hashc03292fca415b51d08da32e2f7226f66382eb391e19d53e3d81e3e3ba73aa8c1	Unknown malware payload (confidence level: 100%)
hash18cc4c1577a5b3793ecc1e14db2883ffc6bf7c9792cf22d953c1482ffc124f5a	Unknown malware payload (confidence level: 100%)
hash3c4c2ade1d7a2c55d3df4c19de72a9a6f68d7a281f44a0336e55b6d0f54ec36a	Unknown malware payload (confidence level: 100%)
hash91b42488d1b8e5b547b945714c76c2af16b9566b35757bf055cec1fee9dff1b0	Unknown malware payload (confidence level: 100%)
hash35271a5d3b8e046546417d174abd0839b9b5adfc6b89990fc67c852aafa9ebb0	Unknown malware payload (confidence level: 100%)
hash673f91a2085358e3266f466845366f30cf741060edeb31e9a93e2c92033bba28	Unknown malware payload (confidence level: 100%)
hash9c6683fbb0bf44557472bcef94c213c25a56df539f46449a487a40eecb828a14	Unknown malware payload (confidence level: 100%)
hash10f1c5462eb006246cb7af5d696163db5facc452befbfd525f72507bb925131d	Unknown malware payload (confidence level: 100%)
hasha42dd6bea439b79db90067b84464e755488b784c3ee2e64ef169b9dcdd92b069	Unknown malware payload (confidence level: 100%)
hash15d6036b6b8283571f947d325ea77364c9d48bfa064a865cd24678a466aa5e38	Unknown malware payload (confidence level: 100%)
hash65b35ef533836d6c577199289365ebf6	Unknown malware payload (confidence level: 100%)
hash80	Hydra botnet C2 server (confidence level: 75%)
hashbfda05703188bdd2e02d8c0d5daddf0a	WannaCryptor payload (confidence level: 100%)
hash84c82835a5d21bbcf75a61706d8ab549	WannaCryptor payload (confidence level: 100%)
hashbc0ff2276bca245852d9a8e2d830fc2b	Unknown malware payload (confidence level: 100%)
hashd2be1a27f18573db2219d3637391225d	Unknown malware payload (confidence level: 100%)
hashc47bba8a8821ace4dec8e4a83bcf5d86	Unknown malware payload (confidence level: 100%)
hash920ef2a079ce71b0918e15448b850d26	DUCKTAIL payload (confidence level: 100%)
hash99	CopperStealer botnet C2 server (confidence level: 75%)
hash11915	Nanocore RAT botnet C2 server (confidence level: 100%)
hash11915	Nanocore RAT botnet C2 server (confidence level: 100%)
hash11915	Nanocore RAT botnet C2 server (confidence level: 100%)
hash11915	Nanocore RAT botnet C2 server (confidence level: 100%)
hash11915	Nanocore RAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8082	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2082	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	IcedID botnet C2 server (confidence level: 75%)
hash443	IcedID botnet C2 server (confidence level: 75%)
hash44178	RedLine Stealer botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash2222	QakBot botnet C2 server (confidence level: 100%)
hash443	QakBot botnet C2 server (confidence level: 100%)
hash2222	QakBot botnet C2 server (confidence level: 100%)
hash443	QakBot botnet C2 server (confidence level: 100%)
hash443	QakBot botnet C2 server (confidence level: 100%)
hash2222	QakBot botnet C2 server (confidence level: 100%)
hash2222	QakBot botnet C2 server (confidence level: 100%)
hash443	QakBot botnet C2 server (confidence level: 100%)
hash2078	QakBot botnet C2 server (confidence level: 100%)
hash80	Silence botnet C2 server (confidence level: 100%)
hashc0f8aeeb2d11c6e751ee87c40ee609aceb1c1036706a5af0d3d78738b6cc4125	Silence payload (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash8888	Sliver botnet C2 server (confidence level: 50%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash443	BianLian botnet C2 server (confidence level: 50%)
hash8443	BianLian botnet C2 server (confidence level: 50%)
hash443	BianLian botnet C2 server (confidence level: 50%)
hash8080	BianLian botnet C2 server (confidence level: 50%)
hash443	BianLian botnet C2 server (confidence level: 50%)
hash8443	BianLian botnet C2 server (confidence level: 50%)
hash7854	BianLian botnet C2 server (confidence level: 50%)
hash25828	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)

Threat ID: 682c7ac2e3e6de8ceb76bb42

Added to database: 5/20/2025, 12:51:14 PM

Last enriched: 6/19/2025, 1:47:39 PM

Last updated: 8/16/2025, 6:59:11 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2023-04-13

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2023-04-13

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

Domain

File

Hash

Related Threats

Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities

ThreatFox IOCs for 2025-08-15

Threat Actor Profile: Interlock Ransomware

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan

Kawabunga, Dude, You've Been Ransomed!

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility