ThreatFox IOCs for 2023-07-07
Severity: mediumType: malware
ThreatFox IOCs for 2023-07-07
AI Analysis
Technical Summary
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on July 7, 2023, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related, specifically linked to OSINT (Open Source Intelligence) activities. However, the details are minimal, with no specific affected software versions, no known exploits in the wild, and no CWE (Common Weakness Enumeration) identifiers provided. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating. The technical details suggest moderate distribution (level 3) but low analysis (level 1), implying that while the threat may be somewhat widespread, it is not deeply analyzed or understood. The absence of patch links and specific indicators limits the ability to pinpoint exact attack vectors or malware behavior. Given the nature of OSINT-related malware, it is likely that this threat involves the use of publicly available information to facilitate or enhance malware campaigns, possibly through social engineering or reconnaissance phases. The lack of known exploits in the wild suggests that this threat may be emerging or primarily used in targeted scenarios rather than widespread attacks. Overall, this threat represents a medium-level malware risk with limited technical details, emphasizing the need for vigilance in monitoring OSINT sources and associated IOCs for early detection and response.
Potential Impact
For European organizations, the potential impact of this threat is moderate but should not be underestimated. Since the threat is linked to OSINT-based malware, it could be used to gather sensitive information or facilitate targeted attacks such as spear-phishing, credential harvesting, or lateral movement within networks. The medium severity indicates that while immediate widespread disruption is unlikely, the threat could compromise confidentiality by exposing sensitive data or integrity by enabling unauthorized access. Availability impacts appear limited given the lack of known exploits and the absence of destructive payloads in the description. European organizations involved in sectors with high exposure to OSINT activities—such as government agencies, defense contractors, financial institutions, and critical infrastructure providers—may face increased risk. The threat's moderate distribution level suggests that it could affect multiple entities, potentially leading to coordinated or multi-vector attacks if leveraged effectively by threat actors.
Mitigation Recommendations
To mitigate this threat effectively, European organizations should implement enhanced OSINT monitoring and threat intelligence integration to detect emerging IOCs promptly. Specific recommendations include: 1) Deploy advanced email filtering and anti-phishing solutions that incorporate OSINT-derived threat intelligence to identify and block malicious communications. 2) Conduct regular employee training focused on recognizing social engineering tactics that leverage publicly available information. 3) Integrate automated IOC ingestion systems to update detection tools with the latest ThreatFox data, ensuring rapid response capabilities. 4) Perform network segmentation and enforce least privilege access controls to limit lateral movement if initial compromise occurs. 5) Utilize endpoint detection and response (EDR) solutions capable of identifying suspicious behaviors associated with OSINT-driven malware campaigns. 6) Collaborate with national and European cybersecurity information sharing organizations to stay informed about evolving threats and share relevant findings. These measures go beyond generic advice by focusing on the specific nature of OSINT-related threats and leveraging real-time intelligence sharing.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- url: http://5.75.240.14/
- url: http://5.75.240.14/someoneadasylf.zip
- url: http://78.47.195.134/
- file: 201.124.213.74
- hash: 443
- file: 142.118.107.222
- hash: 2222
- url: https://rinonizexa.com/dz
- domain: rinonizexa.com
- url: https://data.dnslive.top:8443/j.ad
- domain: data.dnslive.top
- file: 198.44.169.19
- hash: 8443
- url: http://77.91.68.3/home/love/index.php
- file: 85.209.3.4
- hash: 11290
- url: http://138.68.56.139/?p=628638060796
- url: http://152.89.198.34/3b4f49719257c673.php
- url: http://138.68.56.139/?p=76150
- file: 45.147.46.125
- hash: 31
- file: 77.91.68.3
- hash: 80
- url: http://138.68.56.139/?p=2744
- file: 139.99.3.237
- hash: 31337
- file: 139.99.3.237
- hash: 8888
- file: 175.178.107.105
- hash: 31337
- file: 175.178.107.105
- hash: 443
- file: 95.111.236.195
- hash: 7443
- file: 51.91.79.105
- hash: 993
- file: 74.119.194.165
- hash: 8443
- file: 130.193.43.10
- hash: 8443
- file: 173.254.236.139
- hash: 6022
- file: 193.42.39.254
- hash: 80
- file: 35.207.206.133
- hash: 445
- file: 35.207.206.133
- hash: 80
- file: 91.134.141.245
- hash: 5985
- file: 34.88.222.181
- hash: 5985
- file: 34.88.222.181
- hash: 443
- file: 3.129.81.0
- hash: 443
- file: 3.131.218.223
- hash: 443
- file: 3.131.218.223
- hash: 5985
- file: 3.131.218.223
- hash: 5986
- file: 51.38.185.204
- hash: 445
- file: 139.84.142.38
- hash: 443
- file: 185.252.179.190
- hash: 9375
- file: 185.254.18.2
- hash: 7777
- file: 70.53.193.161
- hash: 2222
- file: 74.12.147.211
- hash: 2078
- file: 209.25.141.212
- hash: 45203
- domain: and-tim.at.ply.gg
- domain: hoysechichonea.con-ip.com
- url: https://update.optaneinteloss.com/jquery-3.3.1.min.js
- domain: update.optaneinteloss.com
- file: 181.132.143.37
- hash: 1883
- url: https://update.optelinteloss.com/jquery-3.3.1.min.js
- domain: update.optelinteloss.com
- url: https://198.144.187.19/jquery-3.3.1.min.js
- file: 198.144.187.19
- hash: 443
- hash: 44c494a30f83f92295c8351b86a2507a
- hash: fb1d84ef4d34e2f2f1e7fb3966123082
- hash: b63fd1d2717071eca5b95db0bda74f26
- hash: d72f7a7742ef69a7148981383e094ee3
- hash: d67c9c9d0e94f04cfe67637922b61e05
- hash: c9824b1a3b3f9bb1001b3bb174b44b7b
- hash: f1d0687821736fdfba7975d9f570f3ff
- hash: 9ca04de899947dc06c5f0bbe677b75d8
- hash: d155576b68e87a50b84fe5cf82dfc73a
- hash: c7026aa76880ff7e889deaf6e2b416b1
- hash: 827a3da12d83683d326d81c058c656ac
- hash: 74f805b67565709940e952b40c8ce37c
- file: 185.187.235.186
- hash: 8149
- file: 172.245.80.12
- hash: 8149
- url: http://5.78.104.95/7322cd0544d1389a.php
- file: 86.130.9.166
- hash: 2222
- file: 109.221.161.67
- hash: 2222
- file: 202.95.15.23
- hash: 8333
- file: 136.243.214.49
- hash: 9999
- url: http://1.15.225.244:81/ie9compatviewlist.xml
- url: https://117.50.192.220/g.pixel
- file: 117.50.192.220
- hash: 443
- url: http://121.4.115.219:8888/ptj
- url: http://173.249.201.243:88/ca
- url: http://47.104.244.206:8088/ptj
- file: 43.131.242.233
- hash: 4444
- url: https://cs.aazurenet.xyz/updates
- domain: cs.aazurenet.xyz
- url: https://47.107.36.89/updates
- file: 47.107.36.89
- hash: 443
- url: http://216.83.48.71/__utm.gif
- file: 216.83.48.71
- hash: 80
- url: http://47.109.105.56/updates.rss
- file: 47.109.105.56
- hash: 80
- url: http://ntlm.duckdns.org/xevendor
- file: 95.214.11.213
- hash: 80
- url: http://180.76.164.197:12345/visit.js
- url: http://101.43.187.70/dpixel
- file: 101.43.187.70
- hash: 80
- url: http://124.223.177.244:6666/cwonajlbo/vtneww11212/
- url: http://195.123.233.9/add/contact-us/help
- file: 195.123.233.9
- hash: 80
- url: http://150.158.137.72:10010/cm
- url: http://20.24.65.23:8888/ga.js
- url: http://101.33.235.149/pixel.gif
- url: http://47.96.233.223:8445/__utm.gif
- url: http://124.222.32.173:84/fwlink
- url: http://91.238.203.23:8006/en_us/all.js
- url: http://182.92.71.20/ga.js
- url: https://www.nacosgov.xyz:2087/assets/code-3d7b701fc6eb.css
- domain: www.nacosgov.xyz
- file: 45.77.24.248
- hash: 2087
- url: http://118.24.128.43/__utm.gif
- file: 118.24.128.43
- hash: 80
- url: http://106.15.170.141/push
- file: 106.15.170.141
- hash: 80
- file: 124.220.49.74
- hash: 9999
- url: http://43.133.32.97:6666/image/
- url: http://47.92.100.70:8000/match
- url: http://43.138.212.90:8090/api/getit
- url: http://106.12.129.225:81/ga.js
- url: http://47.242.0.207:8080/pixel
- url: http://1.14.63.190:8999/ga.js
- url: https://150.138.179.182/en-us/silentauth
- url: https://123.234.2.86/en-us/silentauth
- file: 51.210.170.199
- hash: 34087
- file: 5.75.240.14
- hash: 80
- file: 78.47.195.134
- hash: 80
- file: 91.103.252.17
- hash: 8912
- url: http://91.103.252.17:8912/freebl3.dll
- url: http://91.103.252.17:8912/libcrypto.dll
- url: http://91.103.252.17:8912/mozglue.dll
- url: http://91.103.252.17:8912/nss3.dll
- url: http://91.103.252.17:8912/softokn3.dll
- url: http://91.103.252.17:8912/sqlite3.dll
- url: http://91.103.252.17:8912/
- file: 3.125.188.168
- hash: 12937
- file: 35.157.111.131
- hash: 12937
- file: 3.126.224.214
- hash: 12937
- url: https://82.157.110.128/activity
- file: 197.87.135.122
- hash: 443
- url: https://47.115.219.93:8443/ptj
- url: http://47.105.53.99:7002/match
- url: https://121.5.134.64/ga.js
- url: http://47.242.0.207:9999/dot.gif
- url: http://49.7.131.69:9999/visit.js
- url: https://70.18.21.5:5999/fwlink
- file: 45.95.169.175
- hash: 5555
- url: https://82.157.110.128/fwlink
- url: http://82.157.110.128/updates.rss
- url: http://111.231.4.143:8440/broadcast
- url: https://101.37.88.59:6000/visit.js
- url: https://8.217.147.50/pixel
- url: http://207.226.136.40:88/updates.rss
- url: https://124.71.39.203/dpixel
- file: 124.71.39.203
- hash: 443
- file: 43.133.32.97
- hash: 8443
- url: https://195.123.233.9/add/contact-us/help
- file: 195.123.233.9
- hash: 443
- file: 101.43.1.44
- hash: 843
- url: http://216.83.48.71:8080/j.ad
- url: http://121.37.208.189/dpixel
- url: https://192.198.82.238/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- file: 192.198.82.238
- hash: 443
- url: http://156.247.11.238:8080/load
- url: https://167.99.52.241/jquery-3.3.1.min.js
- url: https://134.122.0.130/jquery-3.3.1.min.js
- url: https://134.122.10.106/jquery-3.3.1.min.js
- url: https://143.198.241.192/jquery-3.3.1.min.js
- file: 167.99.52.241
- hash: 443
- url: https://43.143.74.28:4455/pixel
- url: https://8.140.37.238:9090/en_us/all.js
- url: http://94.142.138.97/up
- file: 94.142.138.97
- hash: 80
- url: http://tthre3pt.top/zip.php
- file: 54.39.36.52
- hash: 48331
- file: 193.106.174.210
- hash: 443
- domain: bigbrainhousewall.com
- url: http://167.235.204.174:27016/
- url: http://167.235.204.174:27016/get.zip
- url: http://736036.cllt.nyashteam.top/nyashsupport.php
- url: http://91.103.252.12/522d6f9280951d7f.php
- file: 191.89.247.6
- hash: 7778
- url: http://incentiveswidget.appspot.com/w/2nbyng/?
- file: 5.42.92.122
- hash: 34244
- url: http://194.50.153.23/9af57c9106bf2c01.php
- file: 113.193.95.156
- hash: 443
- file: 173.206.20.235
- hash: 443
- url: http://120.79.167.191:443/api/v1/server/user/info
- file: 209.25.142.212
- hash: 17869
- file: 185.17.0.167
- hash: 42516
- url: https://116.204.77.75/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- file: 116.204.77.75
- hash: 443
- url: http://154.23.248.180:4444/ptj
- url: http://182.92.131.14/activity
- file: 182.92.131.14
- hash: 80
- url: http://111.230.42.149:8080/visit.js
- url: http://124.221.183.95:8888/cm
- url: http://81.68.241.8:7942/cx
- url: http://162.14.100.23:8088/cm
- url: http://43.143.221.53/j.ad
- file: 43.143.221.53
- hash: 80
- url: https://118.195.145.185/push
- file: 118.195.145.185
- hash: 443
- url: https://askubuntu.com/jquery-3.3.1.min.js
- domain: askubuntu.com
- file: 52.142.187.48
- hash: 443
- url: http://124.71.202.107:9999/fwlink
- url: https://39.106.76.185/ca
- file: 39.106.76.185
- hash: 443
- url: http://5.182.38.176/pixel
- file: 5.182.38.176
- hash: 80
- url: http://116.211.148.181:8045/push
- url: https://89.147.108.109/ga.js
- file: 89.147.108.109
- hash: 443
- file: 194.31.109.29
- hash: 37599
- url: http://92.63.189.63/vm/cpuprocessdatalifepublic.php
- file: 66.242.156.33
- hash: 80
- file: 167.99.179.6
- hash: 80
- url: http://185.252.179.228/crocus/index.php
- url: http://521187.clmonth.nyashteam.top/nyashsupport.php
- url: http://168.119.55.206/
- url: http://168.119.55.206/someoneadasylf.zip
- url: http://45.9.74.164/b7djsdcpcz/index.php
- file: 185.252.179.228
- hash: 80
- file: 94.131.15.185
- hash: 7443
- file: 109.123.251.235
- hash: 7443
- file: 38.55.96.159
- hash: 6081
- file: 13.38.36.123
- hash: 80
- file: 51.255.5.104
- hash: 993
- file: 172.86.78.127
- hash: 443
- file: 3.15.47.174
- hash: 5985
- file: 137.184.40.73
- hash: 445
- file: 194.26.192.203
- hash: 5050
- file: 185.106.93.193
- hash: 26040
- file: 153.92.126.196
- hash: 80
- domain: tsix.synology.me
- file: 223.166.224.11
- hash: 53
- domain: aaa.ad4min.com
- file: 198.13.42.85
- hash: 53
- file: 43.155.75.235
- hash: 8880
- file: 45.9.74.164
- hash: 80
- file: 206.188.197.251
- hash: 443
- file: 5.181.80.141
- hash: 3778
- url: https://ss.rlfslie.cloud:8443/j.ad
- domain: ss.rlfslie.cloud
- file: 199.195.253.124
- hash: 8443
- url: http://124.221.183.95:9966/pixel.gif
- url: http://45.91.8.171/4/5/06tempgame/4processor/2dlegenerator/test/processorprotect/cputemporary3/apipoll2cdn/serverlinuxasync/windows4/wordpressprocess0/cdn/7/8/multihttp/1/4external/geo7cpu/videopython.php
- url: https://101.200.134.239/def/v1.49/zy1g5wnlv1
- file: 101.200.134.239
- hash: 443
- url: https://149.28.146.218/ca
- file: 149.28.146.218
- hash: 443
- url: http://62.234.185.105/image/
- file: 62.234.185.105
- hash: 80
- url: http://resource.sekretariatparti.org:8443/__utm.gif
- domain: resource.sekretariatparti.org
- file: 198.13.34.82
- hash: 8443
- url: http://47.92.100.70:8888/push
- url: http://publish-partner.nabtrade.com.au/activity
- domain: publish-partner.nabtrade.com.au
- url: https://oldredtoolbox.com.global.prod.fastly.net/ie9compatviewlist.xml
- domain: oldredtoolbox.com.global.prod.fastly.net
- file: 34.220.153.113
- hash: 443
- url: https://103.173.154.214:5678/updates
- url: http://117.50.176.248/pixel.gif
- file: 117.50.176.248
- hash: 80
- file: 220.79.238.87
- hash: 443
- file: 41.100.109.67
- hash: 443
- file: 41.230.206.109
- hash: 443
- url: http://080138.clmonth.nyashteam.top/nyashsupport.php
- url: http://89.23.97.153/16track3/videoapitestpublic.php
ThreatFox IOCs for 2023-07-07
Medium
Published: Fri Jul 07 2023 (07/07/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2023-07-07
AI-Powered Analysis
AILast updated: 06/19/2025, 13:47:19 UTC
Technical Analysis
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on July 7, 2023, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related, specifically linked to OSINT (Open Source Intelligence) activities. However, the details are minimal, with no specific affected software versions, no known exploits in the wild, and no CWE (Common Weakness Enumeration) identifiers provided. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating. The technical details suggest moderate distribution (level 3) but low analysis (level 1), implying that while the threat may be somewhat widespread, it is not deeply analyzed or understood. The absence of patch links and specific indicators limits the ability to pinpoint exact attack vectors or malware behavior. Given the nature of OSINT-related malware, it is likely that this threat involves the use of publicly available information to facilitate or enhance malware campaigns, possibly through social engineering or reconnaissance phases. The lack of known exploits in the wild suggests that this threat may be emerging or primarily used in targeted scenarios rather than widespread attacks. Overall, this threat represents a medium-level malware risk with limited technical details, emphasizing the need for vigilance in monitoring OSINT sources and associated IOCs for early detection and response.
Potential Impact
For European organizations, the potential impact of this threat is moderate but should not be underestimated. Since the threat is linked to OSINT-based malware, it could be used to gather sensitive information or facilitate targeted attacks such as spear-phishing, credential harvesting, or lateral movement within networks. The medium severity indicates that while immediate widespread disruption is unlikely, the threat could compromise confidentiality by exposing sensitive data or integrity by enabling unauthorized access. Availability impacts appear limited given the lack of known exploits and the absence of destructive payloads in the description. European organizations involved in sectors with high exposure to OSINT activities—such as government agencies, defense contractors, financial institutions, and critical infrastructure providers—may face increased risk. The threat's moderate distribution level suggests that it could affect multiple entities, potentially leading to coordinated or multi-vector attacks if leveraged effectively by threat actors.
Mitigation Recommendations
To mitigate this threat effectively, European organizations should implement enhanced OSINT monitoring and threat intelligence integration to detect emerging IOCs promptly. Specific recommendations include: 1) Deploy advanced email filtering and anti-phishing solutions that incorporate OSINT-derived threat intelligence to identify and block malicious communications. 2) Conduct regular employee training focused on recognizing social engineering tactics that leverage publicly available information. 3) Integrate automated IOC ingestion systems to update detection tools with the latest ThreatFox data, ensuring rapid response capabilities. 4) Perform network segmentation and enforce least privilege access controls to limit lateral movement if initial compromise occurs. 5) Utilize endpoint detection and response (EDR) solutions capable of identifying suspicious behaviors associated with OSINT-driven malware campaigns. 6) Collaborate with national and European cybersecurity information sharing organizations to stay informed about evolving threats and share relevant findings. These measures go beyond generic advice by focusing on the specific nature of OSINT-related threats and leveraging real-time intelligence sharing.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- e88ee6fd-24a8-4e35-8556-b73c38bf4ff0
- Original Timestamp
- 1688774586
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://5.75.240.14/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://5.75.240.14/someoneadasylf.zip | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://78.47.195.134/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://rinonizexa.com/dz | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://data.dnslive.top:8443/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://77.91.68.3/home/love/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://138.68.56.139/?p=628638060796 | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://152.89.198.34/3b4f49719257c673.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://138.68.56.139/?p=76150 | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://138.68.56.139/?p=2744 | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttps://update.optaneinteloss.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://update.optelinteloss.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://198.144.187.19/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://5.78.104.95/7322cd0544d1389a.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://1.15.225.244:81/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://117.50.192.220/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://121.4.115.219:8888/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://173.249.201.243:88/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.104.244.206:8088/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://cs.aazurenet.xyz/updates | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://47.107.36.89/updates | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://216.83.48.71/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.109.105.56/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://ntlm.duckdns.org/xevendor | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://180.76.164.197:12345/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://101.43.187.70/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.223.177.244:6666/cwonajlbo/vtneww11212/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://195.123.233.9/add/contact-us/help | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://150.158.137.72:10010/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://20.24.65.23:8888/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://101.33.235.149/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.96.233.223:8445/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.222.32.173:84/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://91.238.203.23:8006/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://182.92.71.20/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://www.nacosgov.xyz:2087/assets/code-3d7b701fc6eb.css | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://118.24.128.43/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://106.15.170.141/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.133.32.97:6666/image/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.92.100.70:8000/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.138.212.90:8090/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://106.12.129.225:81/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.242.0.207:8080/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://1.14.63.190:8999/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://150.138.179.182/en-us/silentauth | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://123.234.2.86/en-us/silentauth | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.17:8912/freebl3.dll | ObserverStealer botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.17:8912/libcrypto.dll | ObserverStealer botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.17:8912/mozglue.dll | ObserverStealer botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.17:8912/nss3.dll | ObserverStealer botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.17:8912/softokn3.dll | ObserverStealer botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.17:8912/sqlite3.dll | ObserverStealer botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.17:8912/ | ObserverStealer botnet C2 (confidence level: 100%) | |
urlhttps://82.157.110.128/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://47.115.219.93:8443/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.105.53.99:7002/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://121.5.134.64/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.242.0.207:9999/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://49.7.131.69:9999/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://70.18.21.5:5999/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://82.157.110.128/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://82.157.110.128/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://111.231.4.143:8440/broadcast | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://101.37.88.59:6000/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://8.217.147.50/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://207.226.136.40:88/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://124.71.39.203/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://195.123.233.9/add/contact-us/help | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://216.83.48.71:8080/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://121.37.208.189/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://192.198.82.238/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://156.247.11.238:8080/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://167.99.52.241/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://134.122.0.130/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://134.122.10.106/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://143.198.241.192/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://43.143.74.28:4455/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://8.140.37.238:9090/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://94.142.138.97/up | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://tthre3pt.top/zip.php | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://167.235.204.174:27016/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://167.235.204.174:27016/get.zip | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://736036.cllt.nyashteam.top/nyashsupport.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://91.103.252.12/522d6f9280951d7f.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://incentiveswidget.appspot.com/w/2nbyng/? | Agent Tesla botnet C2 (confidence level: 100%) | |
urlhttp://194.50.153.23/9af57c9106bf2c01.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://120.79.167.191:443/api/v1/server/user/info | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://116.204.77.75/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://154.23.248.180:4444/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://182.92.131.14/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://111.230.42.149:8080/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.221.183.95:8888/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://81.68.241.8:7942/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://162.14.100.23:8088/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.143.221.53/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://118.195.145.185/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://askubuntu.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.71.202.107:9999/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://39.106.76.185/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://5.182.38.176/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://116.211.148.181:8045/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://89.147.108.109/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://92.63.189.63/vm/cpuprocessdatalifepublic.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://185.252.179.228/crocus/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://521187.clmonth.nyashteam.top/nyashsupport.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://168.119.55.206/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://168.119.55.206/someoneadasylf.zip | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://45.9.74.164/b7djsdcpcz/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://ss.rlfslie.cloud:8443/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.221.183.95:9966/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://45.91.8.171/4/5/06tempgame/4processor/2dlegenerator/test/processorprotect/cputemporary3/apipoll2cdn/serverlinuxasync/windows4/wordpressprocess0/cdn/7/8/multihttp/1/4external/geo7cpu/videopython.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://101.200.134.239/def/v1.49/zy1g5wnlv1 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://149.28.146.218/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://62.234.185.105/image/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://resource.sekretariatparti.org:8443/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.92.100.70:8888/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://publish-partner.nabtrade.com.au/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://oldredtoolbox.com.global.prod.fastly.net/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://103.173.154.214:5678/updates | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://117.50.176.248/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://080138.clmonth.nyashteam.top/nyashsupport.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://89.23.97.153/16track3/videoapitestpublic.php | DCRat botnet C2 (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file201.124.213.74 | QakBot botnet C2 server (confidence level: 50%) | |
file142.118.107.222 | QakBot botnet C2 server (confidence level: 50%) | |
file198.44.169.19 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file85.209.3.4 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.147.46.125 | Mirai botnet C2 server (confidence level: 75%) | |
file77.91.68.3 | Amadey botnet C2 server (confidence level: 50%) | |
file139.99.3.237 | Sliver botnet C2 server (confidence level: 50%) | |
file139.99.3.237 | Sliver botnet C2 server (confidence level: 50%) | |
file175.178.107.105 | Sliver botnet C2 server (confidence level: 50%) | |
file175.178.107.105 | Sliver botnet C2 server (confidence level: 50%) | |
file95.111.236.195 | Unknown malware botnet C2 server (confidence level: 50%) | |
file51.91.79.105 | BianLian botnet C2 server (confidence level: 50%) | |
file74.119.194.165 | BianLian botnet C2 server (confidence level: 50%) | |
file130.193.43.10 | BianLian botnet C2 server (confidence level: 50%) | |
file173.254.236.139 | BianLian botnet C2 server (confidence level: 50%) | |
file193.42.39.254 | Responder botnet C2 server (confidence level: 50%) | |
file35.207.206.133 | Responder botnet C2 server (confidence level: 50%) | |
file35.207.206.133 | Responder botnet C2 server (confidence level: 50%) | |
file91.134.141.245 | Responder botnet C2 server (confidence level: 50%) | |
file34.88.222.181 | Responder botnet C2 server (confidence level: 50%) | |
file34.88.222.181 | Responder botnet C2 server (confidence level: 50%) | |
file3.129.81.0 | Responder botnet C2 server (confidence level: 50%) | |
file3.131.218.223 | Responder botnet C2 server (confidence level: 50%) | |
file3.131.218.223 | Responder botnet C2 server (confidence level: 50%) | |
file3.131.218.223 | Responder botnet C2 server (confidence level: 50%) | |
file51.38.185.204 | Responder botnet C2 server (confidence level: 50%) | |
file139.84.142.38 | pupy botnet C2 server (confidence level: 50%) | |
file185.252.179.190 | Mirai botnet C2 server (confidence level: 75%) | |
file185.254.18.2 | Mirai botnet C2 server (confidence level: 75%) | |
file70.53.193.161 | QakBot botnet C2 server (confidence level: 50%) | |
file74.12.147.211 | QakBot botnet C2 server (confidence level: 50%) | |
file209.25.141.212 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file181.132.143.37 | Remcos botnet C2 server (confidence level: 75%) | |
file198.144.187.19 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.187.235.186 | Crimson RAT botnet C2 server (confidence level: 75%) | |
file172.245.80.12 | Crimson RAT botnet C2 server (confidence level: 75%) | |
file86.130.9.166 | QakBot botnet C2 server (confidence level: 50%) | |
file109.221.161.67 | QakBot botnet C2 server (confidence level: 50%) | |
file202.95.15.23 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file136.243.214.49 | STRRAT botnet C2 server (confidence level: 100%) | |
file117.50.192.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.131.242.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.107.36.89 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file216.83.48.71 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.109.105.56 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.214.11.213 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.43.187.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file195.123.233.9 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.77.24.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.24.128.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.15.170.141 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.220.49.74 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.210.170.199 | Remcos botnet C2 server (confidence level: 100%) | |
file5.75.240.14 | Vidar botnet C2 server (confidence level: 100%) | |
file78.47.195.134 | Vidar botnet C2 server (confidence level: 100%) | |
file91.103.252.17 | ObserverStealer botnet C2 server (confidence level: 100%) | |
file3.125.188.168 | NjRAT botnet C2 server (confidence level: 100%) | |
file35.157.111.131 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.126.224.214 | NjRAT botnet C2 server (confidence level: 100%) | |
file197.87.135.122 | QakBot botnet C2 server (confidence level: 50%) | |
file45.95.169.175 | Mirai botnet C2 server (confidence level: 75%) | |
file124.71.39.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.133.32.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file195.123.233.9 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.43.1.44 | Meterpreter botnet C2 server (confidence level: 100%) | |
file192.198.82.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file167.99.52.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file94.142.138.97 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.39.36.52 | Remcos botnet C2 server (confidence level: 100%) | |
file193.106.174.210 | Unknown malware botnet C2 server (confidence level: 100%) | |
file191.89.247.6 | Remcos botnet C2 server (confidence level: 100%) | |
file5.42.92.122 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file113.193.95.156 | QakBot botnet C2 server (confidence level: 50%) | |
file173.206.20.235 | QakBot botnet C2 server (confidence level: 50%) | |
file209.25.142.212 | NjRAT botnet C2 server (confidence level: 100%) | |
file185.17.0.167 | Bashlite botnet C2 server (confidence level: 75%) | |
file116.204.77.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file182.92.131.14 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.143.221.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.195.145.185 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file52.142.187.48 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.106.76.185 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file5.182.38.176 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file89.147.108.109 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.31.109.29 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file66.242.156.33 | Mirai botnet C2 server (confidence level: 75%) | |
file167.99.179.6 | Mirai botnet C2 server (confidence level: 75%) | |
file185.252.179.228 | Amadey botnet C2 server (confidence level: 50%) | |
file94.131.15.185 | Unknown malware botnet C2 server (confidence level: 50%) | |
file109.123.251.235 | Unknown malware botnet C2 server (confidence level: 50%) | |
file38.55.96.159 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
file13.38.36.123 | BianLian botnet C2 server (confidence level: 50%) | |
file51.255.5.104 | BianLian botnet C2 server (confidence level: 50%) | |
file172.86.78.127 | Havoc botnet C2 server (confidence level: 50%) | |
file3.15.47.174 | Responder botnet C2 server (confidence level: 50%) | |
file137.184.40.73 | Responder botnet C2 server (confidence level: 50%) | |
file194.26.192.203 | DCRat botnet C2 server (confidence level: 50%) | |
file185.106.93.193 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file153.92.126.196 | Remcos botnet C2 server (confidence level: 100%) | |
file223.166.224.11 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file198.13.42.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.155.75.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.9.74.164 | Amadey botnet C2 server (confidence level: 50%) | |
file206.188.197.251 | IcedID botnet C2 server (confidence level: 75%) | |
file5.181.80.141 | Mirai botnet C2 server (confidence level: 75%) | |
file199.195.253.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.200.134.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.28.146.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.234.185.105 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file198.13.34.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.220.153.113 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file117.50.176.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file220.79.238.87 | QakBot botnet C2 server (confidence level: 50%) | |
file41.100.109.67 | QakBot botnet C2 server (confidence level: 50%) | |
file41.230.206.109 | QakBot botnet C2 server (confidence level: 50%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash11290 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash31 | Mirai botnet C2 server (confidence level: 75%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash8888 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | Sliver botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash993 | BianLian botnet C2 server (confidence level: 50%) | |
hash8443 | BianLian botnet C2 server (confidence level: 50%) | |
hash8443 | BianLian botnet C2 server (confidence level: 50%) | |
hash6022 | BianLian botnet C2 server (confidence level: 50%) | |
hash80 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash80 | Responder botnet C2 server (confidence level: 50%) | |
hash5985 | Responder botnet C2 server (confidence level: 50%) | |
hash5985 | Responder botnet C2 server (confidence level: 50%) | |
hash443 | Responder botnet C2 server (confidence level: 50%) | |
hash443 | Responder botnet C2 server (confidence level: 50%) | |
hash443 | Responder botnet C2 server (confidence level: 50%) | |
hash5985 | Responder botnet C2 server (confidence level: 50%) | |
hash5986 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash443 | pupy botnet C2 server (confidence level: 50%) | |
hash9375 | Mirai botnet C2 server (confidence level: 75%) | |
hash7777 | Mirai botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash2078 | QakBot botnet C2 server (confidence level: 50%) | |
hash45203 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash1883 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash44c494a30f83f92295c8351b86a2507a | Crimson RAT payload (confidence level: 100%) | |
hashfb1d84ef4d34e2f2f1e7fb3966123082 | Crimson RAT payload (confidence level: 100%) | |
hashb63fd1d2717071eca5b95db0bda74f26 | Crimson RAT payload (confidence level: 100%) | |
hashd72f7a7742ef69a7148981383e094ee3 | Crimson RAT payload (confidence level: 100%) | |
hashd67c9c9d0e94f04cfe67637922b61e05 | Crimson RAT payload (confidence level: 100%) | |
hashc9824b1a3b3f9bb1001b3bb174b44b7b | Crimson RAT payload (confidence level: 100%) | |
hashf1d0687821736fdfba7975d9f570f3ff | Crimson RAT payload (confidence level: 100%) | |
hash9ca04de899947dc06c5f0bbe677b75d8 | Crimson RAT payload (confidence level: 100%) | |
hashd155576b68e87a50b84fe5cf82dfc73a | Crimson RAT payload (confidence level: 100%) | |
hashc7026aa76880ff7e889deaf6e2b416b1 | Crimson RAT payload (confidence level: 100%) | |
hash827a3da12d83683d326d81c058c656ac | Crimson RAT payload (confidence level: 100%) | |
hash74f805b67565709940e952b40c8ce37c | Crimson RAT payload (confidence level: 100%) | |
hash8149 | Crimson RAT botnet C2 server (confidence level: 75%) | |
hash8149 | Crimson RAT botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash8333 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | STRRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2087 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash34087 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Vidar botnet C2 server (confidence level: 100%) | |
hash80 | Vidar botnet C2 server (confidence level: 100%) | |
hash8912 | ObserverStealer botnet C2 server (confidence level: 100%) | |
hash12937 | NjRAT botnet C2 server (confidence level: 100%) | |
hash12937 | NjRAT botnet C2 server (confidence level: 100%) | |
hash12937 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash5555 | Mirai botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash843 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash48331 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7778 | Remcos botnet C2 server (confidence level: 100%) | |
hash34244 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash17869 | NjRAT botnet C2 server (confidence level: 100%) | |
hash42516 | Bashlite botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash37599 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Mirai botnet C2 server (confidence level: 75%) | |
hash80 | Mirai botnet C2 server (confidence level: 75%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6081 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash80 | BianLian botnet C2 server (confidence level: 50%) | |
hash993 | BianLian botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash5985 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash5050 | DCRat botnet C2 server (confidence level: 50%) | |
hash26040 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Remcos botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8880 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash443 | IcedID botnet C2 server (confidence level: 75%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainrinonizexa.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaindata.dnslive.top | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainand-tim.at.ply.gg | Nanocore RAT botnet C2 domain (confidence level: 100%) | |
domainhoysechichonea.con-ip.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainupdate.optaneinteloss.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainupdate.optelinteloss.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaincs.aazurenet.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainwww.nacosgov.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainbigbrainhousewall.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainaskubuntu.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaintsix.synology.me | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainaaa.ad4min.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainss.rlfslie.cloud | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainresource.sekretariatparti.org | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainpublish-partner.nabtrade.com.au | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainoldredtoolbox.com.global.prod.fastly.net | Cobalt Strike botnet C2 domain (confidence level: 100%) |
Threat ID: 682c7ac2e3e6de8ceb76a4bf
Added to database: 5/20/2025, 12:51:14 PM
Last enriched: 6/19/2025, 1:47:19 PM
Last updated: 7/29/2025, 7:52:20 PM
Views: 12
Related Threats
ThreatFox IOCs for 2025-08-14
MediumMalwareFri Aug 15 2025
On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware
MediumMalwareThu Aug 14 2025
A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode
MediumMalwareThu Aug 14 2025
PhantomCard: New NFC-driven Android malware emerging in Brazil
MediumMalwareThu Aug 14 2025
ThreatFox IOCs for 2025-08-13
MediumMalwareThu Aug 14 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.