ThreatFox IOCs for 2023-05-13

Medium
Published: Sat May 13 2023 (05/13/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-05-13

AI-Powered Analysis

Last updated: 06/19/2025, 14:47:42 UTC

Technical Analysis

The provided threat intelligence pertains to a set of Indicators of Compromise (IOCs) published on May 13, 2023, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data, as indicated by the product field. However, there are no specific affected software versions or products listed, and no detailed technical indicators such as file hashes, IP addresses, or domain names are provided. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate distribution but limited analysis depth. There are no known exploits in the wild linked to this threat, and no patches or mitigation links are provided. The tags include "type:osint" and "tlp:white," indicating that the information is publicly shareable without restrictions. Overall, the data represents a medium-severity malware threat identified through OSINT methods, but lacks detailed technical specifics or evidence of active exploitation, limiting the ability to fully characterize the malware's behavior, infection vectors, or payload capabilities.

Potential Impact

Given the absence of detailed technical indicators and the lack of known exploits in the wild, the immediate impact on European organizations is likely limited. However, the presence of malware-related IOCs in OSINT repositories suggests potential reconnaissance or preparatory activity by threat actors. If these IOCs are integrated into detection systems, organizations could enhance their ability to identify early-stage compromises. The medium severity rating implies some risk to confidentiality, integrity, or availability if the malware were to be deployed effectively. European organizations, especially those relying on open-source threat intelligence feeds for security monitoring, could face increased alert volumes or false positives if these IOCs are not properly contextualized. Additionally, sectors with high exposure to malware threats, such as finance, critical infrastructure, and government, should remain vigilant. The lack of known exploits reduces the immediate threat but does not eliminate the possibility of future exploitation or targeted attacks leveraging these IOCs.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security information and event management (SIEM) and endpoint detection and response (EDR) systems to enhance detection capabilities, ensuring that these indicators are validated to reduce false positives.
2. Conduct regular threat hunting exercises using the IOCs to identify any early signs of compromise within the network.
3. Maintain up-to-date malware detection signatures and behavioral analytics to detect variants or related malware activity that may not be covered by static IOCs.
4. Enhance user awareness training focusing on malware infection vectors, especially phishing and social engineering, which remain common initial attack vectors.
5. Implement network segmentation and strict access controls to limit lateral movement in case of infection.
6. Establish a process for continuous monitoring of OSINT sources like ThreatFox to promptly incorporate emerging threat intelligence.
7. Since no patches are available, emphasize proactive detection and containment strategies rather than reactive patching.
8. Collaborate with national cybersecurity centers and industry-specific Information Sharing and Analysis Centers (ISACs) to share and receive contextualized intelligence relevant to this threat.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
e69d39dd-9820-46a7-a7d0-46b4caa88b03
Original Timestamp
1684022586

Indicators of Compromise


Threat ID: 682c7ac3e3e6de8ceb76f5b0

Added to database: 5/20/2025, 12:51:15 PM

Last enriched: 6/19/2025, 2:47:42 PM

Last updated: 8/15/2025, 7:25:29 PM
