ThreatFox IOCs for 2023-08-11

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on August 11, 2023, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the details are limited, with no specific affected versions or products listed, and no known exploits in the wild. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores indicating moderate concern. The absence of patch availability and exploit reports suggests this is an intelligence gathering or early warning type of threat rather than an active, widespread malware campaign. The technical details imply that the threat involves network-based payload delivery mechanisms, potentially leveraging OSINT techniques to identify targets or distribute malicious payloads. The lack of concrete indicators or CWEs (Common Weakness Enumerations) limits the ability to pinpoint exact attack vectors or vulnerabilities exploited. Overall, this threat appears to be a medium-level risk related to malware payload delivery facilitated by network activity and OSINT methods, possibly used by threat actors to prepare or execute targeted attacks.

Potential Impact

For European organizations, the impact of this threat is currently moderate due to the absence of known exploits and patches. However, the involvement of OSINT and network-based payload delivery suggests potential risks to confidentiality and integrity if malicious payloads are successfully delivered and executed. Organizations relying heavily on networked systems and those with exposure to open-source intelligence data may face increased risk of targeted reconnaissance and subsequent attacks. The threat could lead to unauthorized data access, disruption of services, or foothold establishment within networks if payloads are deployed effectively. Given the medium severity and lack of active exploitation, the immediate operational impact is limited, but vigilance is necessary to prevent escalation. The threat may also serve as a precursor to more sophisticated attacks, especially against sectors with high-value data or critical infrastructure in Europe.

Mitigation Recommendations

European organizations should implement enhanced network monitoring to detect unusual payload delivery attempts, focusing on traffic patterns associated with OSINT-driven reconnaissance. Employing advanced threat intelligence platforms to correlate emerging IOCs from ThreatFox and similar sources can improve early detection. Network segmentation and strict access controls will limit lateral movement if payloads are delivered. Regularly updating and hardening network devices and endpoints, even in the absence of specific patches, reduces the attack surface. Security teams should conduct threat hunting exercises targeting network activity anomalies and payload delivery indicators. Additionally, organizations should train staff on recognizing social engineering tactics that may accompany OSINT-based attacks. Collaboration with national cybersecurity centers and sharing intelligence within European CERTs can enhance collective defense against evolving threats.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland

Indicators of Compromise

url: http://116.203.166.240:27015/
file: 80.85.157.78
hash: 28552
url: http://gcl-page.biz/stats/save.php
url: http://gcl-page.biz/check.php
url: http://beerword.xyz/
file: 168.100.10.122
hash: 8081
url: http://45.9.74.70/2bfwen6kgtm/index.php
file: 77.126.0.168
hash: 443
file: 185.147.34.178
hash: 55615
url: http://185.161.251.195/7basedbpoll/1/test/provider/processordefault.php
url: http://94.156.253.25/en_us/all.js
file: 94.156.253.26
hash: 80
file: 94.156.253.25
hash: 80
file: 39.49.48.18
hash: 995
file: 45.65.49.230
hash: 443
file: 86.96.75.225
hash: 2222
file: 100.4.182.242
hash: 2222
file: 200.91.114.90
hash: 443
file: 197.87.143.210
hash: 443
url: http://91.103.252.140/
file: 31.53.29.199
hash: 2222
file: 113.193.95.237
hash: 443
url: http://216.128.145.196/~wellseconds/?p=060773029
url: http://77.91.68.18/nice/index.php
url: http://216.128.145.196/~wellseconds/?p=529497154189253
url: http://154.90.57.70/load
url: https://23.234.254.155:4433/g.pixel
url: https://vps.cpple.tk:4433/match
file: 77.91.68.18
hash: 80
file: 66.35.127.81
hash: 2222
file: 117.202.205.136
hash: 993
file: 64.188.19.202
hash: 1604
file: 89.23.100.178
hash: 7872
url: http://nesanocige.us:443/files/favicon.ico
file: 75.156.126.33
hash: 995
file: 197.2.159.74
hash: 443
url: https://198.46.226.96/visit.js
file: 198.46.226.96
hash: 443
url: https://103.44.244.230/pixel
file: 103.44.244.230
hash: 443
url: http://36.140.61.132:8080/ie9compatviewlist.xml
url: http://149.129.72.37:8880/g.pixel
domain: 439mdxmex.damnserver.com
domain: 897midasgold.ddns.me
domain: 9mdxmex.damnserver.com
domain: aigodmoney009.access.ly
domain: askmrpc747bm.mymediapc.net
domain: brockmex57.golffan.us
domain: cinfintymex.geekgalaxy.com
domain: cnt-blackrock.geekgalaxy.com
domain: disrupmoney979.ditchyourip.com
domain: dmrpc77bm.myactivedirectory.com
domain: freelascdmx979.couchpotatofries.org
domain: hotdiamond777.loginto.me
domain: i89bydzi.dynns.com
domain: ikmidasgold.ddns.me
domain: imrpc7987bm.mmafan.biz
domain: infintymex747.geekgalaxy.com
domain: infintymexb.geekgalaxy.com
domain: infintymexbrock.geekgalaxy.com
domain: irocketxmtm.hopto.me
domain: izt89bydzi.dynns.com
domain: j1d3c3mex.homesecuritypc.com
domain: jinfintymexbr.geekgalaxy.com
domain: jxjmrpc797bm.mydissent.net
domain: kakarotomx.dnsfor.me
domain: kktkarotomx.dnsfor.me
domain: megaskigoldmex.dvrcam.info
domain: minfintymexbr.geekgalaxy.com
domain: myfunbmdablo99.hosthampster.com
domain: myinfintyme09.geekgalaxy.com
domain: rexsrupmoney979.ditchyourip.com
domain: skigoldmex.dvrcam.info
domain: zeedinfintymexbrock.geekgalaxy.com
file: 104.161.94.37
hash: 3001
url: http://45.42.160.55
file: 209.250.242.222
hash: 27532
file: 118.107.46.132
hash: 31337
file: 118.107.46.132
hash: 8888
file: 100.36.21.114
hash: 31337
file: 100.36.21.114
hash: 8888
file: 118.107.46.131
hash: 31337
file: 118.107.46.131
hash: 8888
file: 118.107.46.133
hash: 8888
file: 118.107.46.133
hash: 31337
file: 194.87.236.17
hash: 8888
file: 194.87.236.17
hash: 31337
file: 91.103.253.43
hash: 443
file: 146.190.219.130
hash: 443
file: 35.74.154.31
hash: 80
file: 64.176.168.231
hash: 80
file: 188.124.39.62
hash: 7443
file: 146.190.38.149
hash: 7443
file: 103.225.198.216
hash: 7443
file: 167.99.194.103
hash: 7443
file: 3.78.199.107
hash: 9000
file: 36.138.134.148
hash: 8443
file: 124.24.58.252
hash: 9090
file: 23.163.0.228
hash: 4772
file: 109.248.6.223
hash: 8443
file: 135.125.250.237
hash: 3170
file: 208.123.119.153
hash: 4486
file: 194.156.98.226
hash: 20143
file: 103.20.235.154
hash: 2561
file: 43.153.87.78
hash: 443
file: 176.31.163.140
hash: 80
file: 176.31.163.140
hash: 443
file: 146.190.29.203
hash: 80
file: 20.160.143.1
hash: 443
file: 52.61.243.196
hash: 445
file: 52.61.243.196
hash: 80
file: 52.61.243.196
hash: 443
file: 104.194.222.50
hash: 445
file: 51.75.91.172
hash: 5985
file: 51.75.91.172
hash: 445
file: 15.200.170.168
hash: 80
file: 15.200.170.168
hash: 445
file: 137.184.225.245
hash: 443
file: 141.164.54.106
hash: 445
file: 34.150.43.70
hash: 443
file: 46.246.232.45
hash: 995
file: 154.12.254.215
hash: 46452
file: 164.92.144.116
hash: 80
file: 143.110.241.178
hash: 80
file: 159.223.95.82
hash: 80
file: 176.124.32.164
hash: 80
file: 167.71.35.189
hash: 80
file: 185.153.182.156
hash: 80
file: 128.199.151.179
hash: 80
url: http://175.178.80.121:8001/ga.js
url: https://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js
file: 43.138.230.201
hash: 443
url: https://23.92.208.51/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 23.92.208.51
hash: 443
url: https://154.9.253.54/api/3
file: 154.9.253.54
hash: 443

ThreatFox IOCs for 2023-08-11

Severity: medium

Type: malware

ThreatFox IOCs for 2023-08-11

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland

Indicators of Compromise

url: http://116.203.166.240:27015/
file: 80.85.157.78
hash: 28552
url: http://gcl-page.biz/stats/save.php
url: http://gcl-page.biz/check.php
url: http://beerword.xyz/
file: 168.100.10.122
hash: 8081
url: http://45.9.74.70/2bfwen6kgtm/index.php
file: 77.126.0.168
hash: 443
file: 185.147.34.178
hash: 55615
url: http://185.161.251.195/7basedbpoll/1/test/provider/processordefault.php
url: http://94.156.253.25/en_us/all.js
file: 94.156.253.26
hash: 80
file: 94.156.253.25
hash: 80
file: 39.49.48.18
hash: 995
file: 45.65.49.230
hash: 443
file: 86.96.75.225
hash: 2222
file: 100.4.182.242
hash: 2222
file: 200.91.114.90
hash: 443
file: 197.87.143.210
hash: 443
url: http://91.103.252.140/
file: 31.53.29.199
hash: 2222
file: 113.193.95.237
hash: 443
url: http://216.128.145.196/~wellseconds/?p=060773029
url: http://77.91.68.18/nice/index.php
url: http://216.128.145.196/~wellseconds/?p=529497154189253
url: http://154.90.57.70/load
url: https://23.234.254.155:4433/g.pixel
url: https://vps.cpple.tk:4433/match
file: 77.91.68.18
hash: 80
file: 66.35.127.81
hash: 2222
file: 117.202.205.136
hash: 993
file: 64.188.19.202
hash: 1604
file: 89.23.100.178
hash: 7872
url: http://nesanocige.us:443/files/favicon.ico
file: 75.156.126.33
hash: 995
file: 197.2.159.74
hash: 443
url: https://198.46.226.96/visit.js
file: 198.46.226.96
hash: 443
url: https://103.44.244.230/pixel
file: 103.44.244.230
hash: 443
url: http://36.140.61.132:8080/ie9compatviewlist.xml
url: http://149.129.72.37:8880/g.pixel
domain: 439mdxmex.damnserver.com
domain: 897midasgold.ddns.me
domain: 9mdxmex.damnserver.com
domain: aigodmoney009.access.ly
domain: askmrpc747bm.mymediapc.net
domain: brockmex57.golffan.us
domain: cinfintymex.geekgalaxy.com
domain: cnt-blackrock.geekgalaxy.com
domain: disrupmoney979.ditchyourip.com
domain: dmrpc77bm.myactivedirectory.com
domain: freelascdmx979.couchpotatofries.org
domain: hotdiamond777.loginto.me
domain: i89bydzi.dynns.com
domain: ikmidasgold.ddns.me
domain: imrpc7987bm.mmafan.biz
domain: infintymex747.geekgalaxy.com
domain: infintymexb.geekgalaxy.com
domain: infintymexbrock.geekgalaxy.com
domain: irocketxmtm.hopto.me
domain: izt89bydzi.dynns.com
domain: j1d3c3mex.homesecuritypc.com
domain: jinfintymexbr.geekgalaxy.com
domain: jxjmrpc797bm.mydissent.net
domain: kakarotomx.dnsfor.me
domain: kktkarotomx.dnsfor.me
domain: megaskigoldmex.dvrcam.info
domain: minfintymexbr.geekgalaxy.com
domain: myfunbmdablo99.hosthampster.com
domain: myinfintyme09.geekgalaxy.com
domain: rexsrupmoney979.ditchyourip.com
domain: skigoldmex.dvrcam.info
domain: zeedinfintymexbrock.geekgalaxy.com
file: 104.161.94.37
hash: 3001
url: http://45.42.160.55
file: 209.250.242.222
hash: 27532
file: 118.107.46.132
hash: 31337
file: 118.107.46.132
hash: 8888
file: 100.36.21.114
hash: 31337
file: 100.36.21.114
hash: 8888
file: 118.107.46.131
hash: 31337
file: 118.107.46.131
hash: 8888
file: 118.107.46.133
hash: 8888
file: 118.107.46.133
hash: 31337
file: 194.87.236.17
hash: 8888
file: 194.87.236.17
hash: 31337
file: 91.103.253.43
hash: 443
file: 146.190.219.130
hash: 443
file: 35.74.154.31
hash: 80
file: 64.176.168.231
hash: 80
file: 188.124.39.62
hash: 7443
file: 146.190.38.149
hash: 7443
file: 103.225.198.216
hash: 7443
file: 167.99.194.103
hash: 7443
file: 3.78.199.107
hash: 9000
file: 36.138.134.148
hash: 8443
file: 124.24.58.252
hash: 9090
file: 23.163.0.228
hash: 4772
file: 109.248.6.223
hash: 8443
file: 135.125.250.237
hash: 3170
file: 208.123.119.153
hash: 4486
file: 194.156.98.226
hash: 20143
file: 103.20.235.154
hash: 2561
file: 43.153.87.78
hash: 443
file: 176.31.163.140
hash: 80
file: 176.31.163.140
hash: 443
file: 146.190.29.203
hash: 80
file: 20.160.143.1
hash: 443
file: 52.61.243.196
hash: 445
file: 52.61.243.196
hash: 80
file: 52.61.243.196
hash: 443
file: 104.194.222.50
hash: 445
file: 51.75.91.172
hash: 5985
file: 51.75.91.172
hash: 445
file: 15.200.170.168
hash: 80
file: 15.200.170.168
hash: 445
file: 137.184.225.245
hash: 443
file: 141.164.54.106
hash: 445
file: 34.150.43.70
hash: 443
file: 46.246.232.45
hash: 995
file: 154.12.254.215
hash: 46452
file: 164.92.144.116
hash: 80
file: 143.110.241.178
hash: 80
file: 159.223.95.82
hash: 80
file: 176.124.32.164
hash: 80
file: 167.71.35.189
hash: 80
file: 185.153.182.156
hash: 80
file: 128.199.151.179
hash: 80
url: http://175.178.80.121:8001/ga.js
url: https://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js
file: 43.138.230.201
hash: 443
url: https://23.92.208.51/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 23.92.208.51
hash: 443
url: https://154.9.253.54/api/3
file: 154.9.253.54
hash: 443

Source: ThreatFox

Published: Fri Aug 11 2023

ThreatFox IOCs for 2023-08-11

Medium

Malwaretype:osint tlp:white

Published: Fri Aug 11 2023 (08/11/2023, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2023-08-11

AI-Powered Analysis

AILast updated: 06/18/2025, 09:20:42 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: fe6b01e3-2cbb-4845-9d7c-40a5134eb36f
Original Timestamp: 1691798586

Indicators of Compromise

Url

Value	Description	Copy
urlhttp://116.203.166.240:27015/	Vidar botnet C2 (confidence level: 100%)
urlhttp://gcl-page.biz/stats/save.php	CCleaner Backdoor botnet C2 (confidence level: 100%)
urlhttp://gcl-page.biz/check.php	CCleaner Backdoor botnet C2 (confidence level: 100%)
urlhttp://beerword.xyz/	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://45.9.74.70/2bfwen6kgtm/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://185.161.251.195/7basedbpoll/1/test/provider/processordefault.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://94.156.253.25/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://91.103.252.140/	RecordBreaker botnet C2 (confidence level: 100%)
urlhttp://216.128.145.196/~wellseconds/?p=060773029	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://77.91.68.18/nice/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://216.128.145.196/~wellseconds/?p=529497154189253	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://154.90.57.70/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.234.254.155:4433/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://vps.cpple.tk:4433/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://nesanocige.us:443/files/favicon.ico	Cobalt Strike botnet C2 (confidence level: 75%)
urlhttps://198.46.226.96/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://103.44.244.230/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://36.140.61.132:8080/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://149.129.72.37:8880/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.42.160.55	JanelaRAT payload delivery URL (confidence level: 100%)
urlhttp://175.178.80.121:8001/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.92.208.51/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://154.9.253.54/api/3	Cobalt Strike botnet C2 (confidence level: 100%)

File

Value	Description	Copy
file80.85.157.78	RedLine Stealer botnet C2 server (confidence level: 100%)
file168.100.10.122	RisePro botnet C2 server (confidence level: 50%)
file77.126.0.168	QakBot botnet C2 server (confidence level: 50%)
file185.147.34.178	RedLine Stealer botnet C2 server (confidence level: 100%)
file94.156.253.26	Cobalt Strike botnet C2 server (confidence level: 100%)
file94.156.253.25	Cobalt Strike botnet C2 server (confidence level: 100%)
file39.49.48.18	QakBot botnet C2 server (confidence level: 50%)
file45.65.49.230	QakBot botnet C2 server (confidence level: 50%)
file86.96.75.225	QakBot botnet C2 server (confidence level: 50%)
file100.4.182.242	QakBot botnet C2 server (confidence level: 50%)
file200.91.114.90	QakBot botnet C2 server (confidence level: 50%)
file197.87.143.210	QakBot botnet C2 server (confidence level: 50%)
file31.53.29.199	QakBot botnet C2 server (confidence level: 50%)
file113.193.95.237	QakBot botnet C2 server (confidence level: 50%)
file77.91.68.18	Amadey botnet C2 server (confidence level: 50%)
file66.35.127.81	QakBot botnet C2 server (confidence level: 50%)
file117.202.205.136	QakBot botnet C2 server (confidence level: 50%)
file64.188.19.202	Remcos botnet C2 server (confidence level: 75%)
file89.23.100.178	RedLine Stealer botnet C2 server (confidence level: 100%)
file75.156.126.33	QakBot botnet C2 server (confidence level: 50%)
file197.2.159.74	QakBot botnet C2 server (confidence level: 50%)
file198.46.226.96	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.44.244.230	Cobalt Strike botnet C2 server (confidence level: 100%)
file104.161.94.37	JanelaRAT botnet C2 server (confidence level: 100%)
file209.250.242.222	RedLine Stealer botnet C2 server (confidence level: 100%)
file118.107.46.132	Sliver botnet C2 server (confidence level: 50%)
file118.107.46.132	Sliver botnet C2 server (confidence level: 50%)
file100.36.21.114	Sliver botnet C2 server (confidence level: 50%)
file100.36.21.114	Sliver botnet C2 server (confidence level: 50%)
file118.107.46.131	Sliver botnet C2 server (confidence level: 50%)
file118.107.46.131	Sliver botnet C2 server (confidence level: 50%)
file118.107.46.133	Sliver botnet C2 server (confidence level: 50%)
file118.107.46.133	Sliver botnet C2 server (confidence level: 50%)
file194.87.236.17	Sliver botnet C2 server (confidence level: 50%)
file194.87.236.17	Sliver botnet C2 server (confidence level: 50%)
file91.103.253.43	Brute Ratel C4 botnet C2 server (confidence level: 50%)
file146.190.219.130	Brute Ratel C4 botnet C2 server (confidence level: 50%)
file35.74.154.31	Brute Ratel C4 botnet C2 server (confidence level: 50%)
file64.176.168.231	Unknown malware botnet C2 server (confidence level: 50%)
file188.124.39.62	Unknown malware botnet C2 server (confidence level: 50%)
file146.190.38.149	Unknown malware botnet C2 server (confidence level: 50%)
file103.225.198.216	Unknown malware botnet C2 server (confidence level: 50%)
file167.99.194.103	Unknown malware botnet C2 server (confidence level: 50%)
file3.78.199.107	Deimos botnet C2 server (confidence level: 50%)
file36.138.134.148	Deimos botnet C2 server (confidence level: 50%)
file124.24.58.252	Deimos botnet C2 server (confidence level: 50%)
file23.163.0.228	BianLian botnet C2 server (confidence level: 50%)
file109.248.6.223	BianLian botnet C2 server (confidence level: 50%)
file135.125.250.237	BianLian botnet C2 server (confidence level: 50%)
file208.123.119.153	BianLian botnet C2 server (confidence level: 50%)
file194.156.98.226	BianLian botnet C2 server (confidence level: 50%)
file103.20.235.154	BianLian botnet C2 server (confidence level: 50%)
file43.153.87.78	Havoc botnet C2 server (confidence level: 50%)
file176.31.163.140	Havoc botnet C2 server (confidence level: 50%)
file176.31.163.140	Havoc botnet C2 server (confidence level: 50%)
file146.190.29.203	Havoc botnet C2 server (confidence level: 50%)
file20.160.143.1	Havoc botnet C2 server (confidence level: 50%)
file52.61.243.196	Responder botnet C2 server (confidence level: 50%)
file52.61.243.196	Responder botnet C2 server (confidence level: 50%)
file52.61.243.196	Responder botnet C2 server (confidence level: 50%)
file104.194.222.50	Responder botnet C2 server (confidence level: 50%)
file51.75.91.172	Responder botnet C2 server (confidence level: 50%)
file51.75.91.172	Responder botnet C2 server (confidence level: 50%)
file15.200.170.168	Responder botnet C2 server (confidence level: 50%)
file15.200.170.168	Responder botnet C2 server (confidence level: 50%)
file137.184.225.245	Responder botnet C2 server (confidence level: 50%)
file141.164.54.106	Responder botnet C2 server (confidence level: 50%)
file34.150.43.70	pupy botnet C2 server (confidence level: 50%)
file46.246.232.45	QakBot botnet C2 server (confidence level: 50%)
file154.12.254.215	DCRat botnet C2 server (confidence level: 50%)
file164.92.144.116	IcedID botnet C2 server (confidence level: 75%)
file143.110.241.178	IcedID botnet C2 server (confidence level: 75%)
file159.223.95.82	IcedID botnet C2 server (confidence level: 75%)
file176.124.32.164	IcedID botnet C2 server (confidence level: 75%)
file167.71.35.189	IcedID botnet C2 server (confidence level: 75%)
file185.153.182.156	IcedID botnet C2 server (confidence level: 75%)
file128.199.151.179	IcedID botnet C2 server (confidence level: 75%)
file43.138.230.201	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.92.208.51	Cobalt Strike botnet C2 server (confidence level: 100%)
file154.9.253.54	Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash28552	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash55615	RedLine Stealer botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash80	Amadey botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 50%)
hash993	QakBot botnet C2 server (confidence level: 50%)
hash1604	Remcos botnet C2 server (confidence level: 75%)
hash7872	RedLine Stealer botnet C2 server (confidence level: 100%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3001	JanelaRAT botnet C2 server (confidence level: 100%)
hash27532	RedLine Stealer botnet C2 server (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash8888	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash8888	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash8888	Sliver botnet C2 server (confidence level: 50%)
hash8888	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash8888	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash443	Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash443	Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash9000	Deimos botnet C2 server (confidence level: 50%)
hash8443	Deimos botnet C2 server (confidence level: 50%)
hash9090	Deimos botnet C2 server (confidence level: 50%)
hash4772	BianLian botnet C2 server (confidence level: 50%)
hash8443	BianLian botnet C2 server (confidence level: 50%)
hash3170	BianLian botnet C2 server (confidence level: 50%)
hash4486	BianLian botnet C2 server (confidence level: 50%)
hash20143	BianLian botnet C2 server (confidence level: 50%)
hash2561	BianLian botnet C2 server (confidence level: 50%)
hash443	Havoc botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash443	Havoc botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash443	Havoc botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash80	Responder botnet C2 server (confidence level: 50%)
hash443	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash5985	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash80	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash443	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash443	pupy botnet C2 server (confidence level: 50%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash46452	DCRat botnet C2 server (confidence level: 50%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)

Domain

Value	Description	Copy
domain439mdxmex.damnserver.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domain897midasgold.ddns.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domain9mdxmex.damnserver.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainaigodmoney009.access.ly	JanelaRAT botnet C2 domain (confidence level: 100%)
domainaskmrpc747bm.mymediapc.net	JanelaRAT botnet C2 domain (confidence level: 100%)
domainbrockmex57.golffan.us	JanelaRAT botnet C2 domain (confidence level: 100%)
domaincinfintymex.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaincnt-blackrock.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaindisrupmoney979.ditchyourip.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaindmrpc77bm.myactivedirectory.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainfreelascdmx979.couchpotatofries.org	JanelaRAT botnet C2 domain (confidence level: 100%)
domainhotdiamond777.loginto.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domaini89bydzi.dynns.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainikmidasgold.ddns.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainimrpc7987bm.mmafan.biz	JanelaRAT botnet C2 domain (confidence level: 100%)
domaininfintymex747.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaininfintymexb.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaininfintymexbrock.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainirocketxmtm.hopto.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainizt89bydzi.dynns.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainj1d3c3mex.homesecuritypc.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainjinfintymexbr.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainjxjmrpc797bm.mydissent.net	JanelaRAT botnet C2 domain (confidence level: 100%)
domainkakarotomx.dnsfor.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainkktkarotomx.dnsfor.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainmegaskigoldmex.dvrcam.info	JanelaRAT botnet C2 domain (confidence level: 100%)
domainminfintymexbr.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainmyfunbmdablo99.hosthampster.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainmyinfintyme09.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainrexsrupmoney979.ditchyourip.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainskigoldmex.dvrcam.info	JanelaRAT botnet C2 domain (confidence level: 100%)
domainzeedinfintymexbrock.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)

Threat ID: 682acdc2bbaf20d303f18611

Added to database: 5/19/2025, 6:20:50 AM

Last enriched: 6/18/2025, 9:20:42 AM

Last updated: 7/27/2025, 6:44:34 AM

Related Threats

Unmasking SocGholish: Untangling the Malware Web Behind the 'Pioneer of Fake Updates' and Its Operator

Medium

MalwareFri Aug 08 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2023-08-11

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2023-08-11

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

File

Hash

Domain

Related Threats

Unmasking SocGholish: Untangling the Malware Web Behind the 'Pioneer of Fake Updates' and Its Operator

Observed Malicious Driver Use Associated with Akira SonicWall Campaign

ThreatFox IOCs for 2025-08-07

Shared secret: EDR killer in the kill chain

New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility