
ThreatFox IOCs for 2023-05-29

Medium
Published: Mon May 29 2023 (05/29/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-05-29

AI-Powered Analysis

Last updated: 06/19/2025, 13:16:55 UTC

Technical Analysis

The provided threat information pertains to a set of Indicators of Compromise (IOCs) published by ThreatFox on May 29, 2023, categorized under malware with a focus on OSINT (Open Source Intelligence). The data appears to be a collection of threat intelligence indicators rather than a specific malware sample or exploit targeting a particular software product or version. The threat is tagged as 'type:osint' and 'tlp:white', indicating that the information is publicly shareable without restrictions. There are no specific affected software versions or products listed, and no known exploits in the wild have been reported. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination of these IOCs. The absence of CWE identifiers and patch links implies that this is not a vulnerability report but rather intelligence data to aid detection and response. The lack of indicators in the provided data limits the ability to analyze specific attack vectors or malware behavior. Overall, this threat intelligence appears to be a medium-severity alert providing OSINT-based IOCs to assist organizations in identifying potential malicious activity related to malware campaigns or actors active around the publication date.

Potential Impact

Given the nature of the data as OSINT-based IOCs without specific exploit details or targeted vulnerabilities, the direct impact on European organizations is primarily related to detection and response capabilities. Organizations that fail to incorporate these IOCs into their security monitoring may miss early signs of malware infections or related malicious activities. The medium severity rating suggests that while the threat is not immediately critical, it could facilitate malware detection and prevention efforts if properly utilized. The lack of known exploits in the wild reduces the immediate risk of widespread compromise. However, the distribution rating indicates these IOCs are moderately disseminated, implying potential relevance across multiple sectors. European organizations, especially those with mature security operations centers (SOCs), can leverage this intelligence to enhance threat hunting and incident response. The impact is thus more operational than technical, focusing on improving situational awareness and reducing dwell time of threats rather than mitigating a direct vulnerability or exploit.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security information and event management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection capabilities.
2. Regularly update threat intelligence feeds and ensure automated ingestion of OSINT data to maintain current awareness of emerging threats.
3. Conduct proactive threat hunting exercises using these IOCs to identify potential compromises early.
4. Train SOC analysts on interpreting and applying OSINT-based IOCs to improve incident triage and response accuracy.
5. Collaborate with information sharing and analysis centers (ISACs) relevant to the organization's sector to contextualize these IOCs within broader threat landscapes.
6. Since no patches or specific vulnerabilities are involved, focus mitigation on strengthening monitoring, alerting, and response processes rather than patch management.
7. Validate the relevance of these IOCs against organizational network and endpoint logs to reduce false positives and prioritize investigation efforts.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: ed667b24-c9dc-45d1-98d3-def21c3fc774
Original Timestamp: 1685404986

Indicators of Compromise


Threat ID: 682c7ac0e3e6de8ceb760d47

Added to database: 5/20/2025, 12:51:12 PM

Last enriched: 6/19/2025, 1:16:55 PM

Last updated: 8/15/2025, 1:24:50 PM
