ThreatFox IOCs for 2023-08-11
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2023-08-11 via the ThreatFox MISP Feed, categorized under malware-related activity. The data is primarily related to OSINT (Open Source Intelligence) and network activity associated with payload delivery mechanisms. However, the details are sparse, with no specific affected software versions, no known exploits in the wild, and no patch availability. The threat level is indicated as 2 (on an unspecified scale), with moderate distribution (3) and minimal analysis (1), suggesting limited insight into the threat's operational details. The absence of concrete technical indicators or CWEs (Common Weakness Enumerations) limits the ability to precisely characterize the malware or its attack vectors. The classification as OSINT and network activity implies that the threat involves reconnaissance or data gathering phases, possibly linked to the delivery of malicious payloads over the network. Given the lack of detailed technical specifics, this appears to be an early-stage or low-profile malware campaign or a collection of IOCs intended for situational awareness rather than an active, high-impact threat. The TLP (Traffic Light Protocol) is white, indicating the information is publicly shareable and not restricted.
Potential Impact
For European organizations, the impact of this threat is currently assessed as medium but largely theoretical due to the lack of detailed exploitation data or known active campaigns. If the malware or payload delivery mechanisms referenced were to be leveraged in targeted attacks, potential impacts could include unauthorized network access, data exfiltration, or disruption of services. However, without known exploits or specific vulnerabilities, the immediate risk remains limited. European entities involved in critical infrastructure, government, or sectors with high exposure to network-based attacks should remain vigilant, as the presence of IOCs suggests some level of reconnaissance or preparatory activity that could precede more targeted attacks. The medium severity reflects the potential for escalation if further details emerge or if threat actors develop exploit capabilities based on these IOCs.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing network monitoring and threat intelligence integration. Organizations should:
1) Incorporate the provided IOCs into their security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to detect any related network activity.
2) Conduct regular network traffic analysis to identify anomalous payload delivery attempts or reconnaissance behavior.
3) Maintain up-to-date threat intelligence feeds and collaborate with information sharing groups to receive timely updates on any evolution of this threat.
4) Implement strict network segmentation and least privilege principles to limit lateral movement if an infection occurs.
5) Educate security teams on recognizing early indicators of malware campaigns and payload delivery tactics.
6) Since no patches are available, focus on hardening network defenses and endpoint detection capabilities rather than relying on software updates.
These steps go beyond generic advice by emphasizing proactive detection and intelligence-driven defense tailored to the nature of the threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: fe6b01e3-2cbb-4845-9d7c-40a5134eb36f
- Original Timestamp: 1691798586
Threat ID: 68359c9a5d5f0974d01e1ef7
Added to database: 5/27/2025, 11:06:02 AM
Last enriched: 7/5/2025, 11:09:44 PM
Last updated: 8/16/2025, 8:50:02 PM