
ThreatFox IOCs for 2023-10-06

Medium
Published: Fri Oct 06 2023 (10/06/2023, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-10-06

AI-Powered Analysis

Last updated: 07/05/2025, 23:12:12 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2023-10-06 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data is a collection of threat intelligence indicators rather than a specific vulnerability or exploit targeting a particular software or hardware product. No affected versions are listed, no patches are available, and no exploits in the wild are known, which is consistent with an intelligence feed update rather than a direct exploit or vulnerability disclosure. The event is rated medium severity; its technical details show a moderate distribution score (3), a low threat level (2) and an analysis score of 1, suggesting that while the indicators may be useful for detection and prevention, they do not represent an immediate or critical threat. Because no specific technical details, affected products, or exploitation methods are given, a detailed technical breakdown of the malware or attack vectors is not possible. Instead, this information serves as a resource for security teams to update their detection capabilities and monitor network activity for signs of the associated threat actors or payload delivery mechanisms.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in enhancing situational awareness and improving detection capabilities rather than mitigating an active or critical threat. Since no specific vulnerabilities or exploits are identified, the direct risk to confidentiality, integrity, or availability is low at this time. However, the presence of updated IOCs related to malware and payload delivery could help organizations identify early signs of intrusion or compromise attempts, potentially reducing the dwell time of attackers if these indicators are integrated into security monitoring tools. The medium severity rating suggests that while the threat is not urgent, it should not be ignored, especially for organizations with high-value assets or those in sectors frequently targeted by malware campaigns, such as finance, critical infrastructure, and government entities.

Mitigation Recommendations

European organizations should incorporate the provided IOCs into their existing security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection of related malicious activity. Regularly updating threat intelligence feeds and correlating these indicators with internal logs can improve early warning capabilities. Additionally, organizations should conduct network traffic analysis focusing on unusual payload delivery patterns and suspicious network activity. Since no patches are available, emphasis should be placed on proactive monitoring, employee awareness training to recognize phishing or social engineering attempts that could deliver malware, and maintaining robust backup and recovery procedures to mitigate potential payload impacts. Collaboration with national cybersecurity centers and sharing intelligence within trusted communities can also enhance collective defense against evolving threats.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: fc25e89a-b6f9-4e8c-93a1-2f25e43d65ba
Original Timestamp: 1696636986

Indicators of Compromise


Threat ID: 68359c9d5d5f0974d01f5ed0

Added to database: 5/27/2025, 11:06:05 AM

Last enriched: 7/5/2025, 11:12:12 PM

Last updated: 8/5/2025, 11:36:36 AM

