ThreatFox IOCs for 2023-10-15

Severity: Medium
Published: Sun Oct 15 2023 (10/15/2023, 00:00:00 UTC)
Source: ThreatFox
Tags: type:osint, tlp:white

Description

ThreatFox IOCs for 2023-10-15

AI-Powered Analysis (last updated: 06/19/2025, 13:20:21 UTC)

Technical Analysis

This entry is the ThreatFox daily indicator export for 2023-10-15, published by abuse.ch as an OSINT MISP event (tags type:osint and tlp:white, so the indicators may be shared freely). The generic title hides a substantial payload: 63 URL rows, 95 IP:port rows, 30 domain rows and 3 SHA256 rows, each attributed to a malware family with a confidence level. Most rows are Cobalt Strike: beacon URLs, team-server addresses and listener hostnames (the nsN.* domains together with the port-53 servers are consistent with DNS beaconing), several redirectors behind Tencent API Gateway hostnames of the form service-*.apigw.tencentcs.com, and two lookalike hostnames (www.micorsoft.pro and www.consumershop.lenovo.com.cn.d4e97cc6.cdnhwcggk22.com). The remainder is infostealer C2 (Stealc, Lumma Stealer, RedLine Stealer, Agent Tesla), commodity RATs (NjRAT on duckdns.org and ngrok.io dynamic hostnames, DCRat, Ave Maria, BlackNET RAT), the Sliver framework, solarmarker, Amadey, QakBot, Deimos, VBREVSHELL, Responder and a few rows marked 'Unknown malware'. The three SHA256 values are Agent Tesla payloads at 50% confidence.

Two points about how the data is rendered here matter to anyone consuming it. ThreatFox records these servers as ip:port indicators; in this rendering the IP address and the port were captured as separate attributes (the IP as a 'file' value, the port as a 'hash' value) with the three genuine SHA256 hashes interleaved among the ports, so the two columns line up row for row only after the hashes are set aside. Second, the Cobalt Strike URL paths (/cm, /ptj, /dpixel, /pixel, /__utm.gif, /pixel.gif, /dot.gif, /ga.js, /j.ad, /load, /activity, /visit.js, /updates.rss, /en_us/all.js, /ie9compatviewlist.xml, /jquery-3.3.1.min.js, /_/scs/mail-static/_/js/) are stock Malleable C2 profile URIs that imitate ordinary web resources; a path on its own is not an indicator, and host and path must be matched together.

Threat Level 2, Analysis 1 and Distribution 3 are the MISP event fields: threat level Medium, analysis Ongoing, distribution All communities. The Original Timestamp 1697414586 is 2023-10-16 00:03:06 UTC, the moment the export for the closed UTC day was generated. No CVE or CWE applies; this is infrastructure intelligence, not a vulnerability record.

Potential Impact

The indicators are command-and-control infrastructure that was live on the export date, so the impact of a match is direct rather than hypothetical. A host talking to a Stealc, Lumma, RedLine or Agent Tesla C2 has most likely already exfiltrated browser credentials, cookies and session tokens; a host beaconing to a Cobalt Strike or Sliver server is under interactive operator control, a hands-on-keyboard intrusion that frequently precedes ransomware deployment; NjRAT, DCRat, Ave Maria and BlackNET give full remote control of the endpoint. Stealer and RAT infections are commodity and opportunistic, so exposure for European organizations is not sector- or region-specific, while Cobalt Strike and Sliver hits deserve the highest triage priority. The Medium rating reflects the nature of the record (a daily infrastructure list rather than a vulnerability) and not the consequence of a hit. Two caveats: confidence varies by row (100% for most Cobalt Strike, RedLine, Lumma, Agent Tesla, Amadey, Ave Maria, BlackNET and NjRAT entries; 75% for Stealc and solarmarker; 50% for Sliver, QakBot, Responder, Deimos, DCRat, VBREVSHELL and 'Unknown malware'), and C2 infrastructure rotates within days, so these indicators are most valuable for retrospective hunting over telemetry from mid-October 2023 and lose value quickly as blocklist entries.

Mitigation Recommendations

1. Ingest the indicators as typed objects, not strings: URL indicators as host plus port plus path (the Cobalt Strike paths collide with legitimate resources such as /jquery-3.3.1.min.js), ip:port indicators as the pair (several listed IPs serve unrelated content on other ports), and domains as exact hostnames (the parent zones duckdns.org, ngrok.io and apigw.tencentcs.com are shared services and must not be blocked wholesale).
2. Retro-hunt proxy, DNS, firewall and EDR network telemetry for roughly a week either side of 2023-10-15; because the infrastructure rotates quickly, a historical match is more informative than a forward-looking block. Treat any Cobalt Strike or Sliver hit as an active intrusion (isolate, capture memory and the process tree, look for lateral movement) and any stealer hit as credential compromise requiring password and session resets for the affected user.
3. Pull the data from the source rather than from this rendering: ThreatFox publishes the same indicators through its API and MISP feed with the ip:port pairs intact and with first-seen/last-seen metadata that supports aging out stale entries.
4. Put an expiry of days to a few weeks on blocklist entries derived from this event, and keep the corresponding hunting rules for longer.
5. Rely on endpoint controls that catch the behaviour behind these families regardless of infrastructure: credential-store and browser-profile access by unexpected processes (stealers), process injection and periodic beaconing (Cobalt Strike, Sliver), and persistence through scheduled tasks and Run keys (RATs).
6. Share confirmed hits with your national CSIRT and through ENISA-coordinated channels; the TLP:WHITE marking permits onward sharing.
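The following is an added example for this page, not ThreatFox or offseq code, showing how to consume these tables the way the recommendations above describe: it re-pairs the IP and port columns by position and refuses to guess when the counts disagree, sets aside the three genuine SHA256 hashes, keys URL indicators on host plus port plus path so that a shared Cobalt Strike path on a legitimate site does not fire, matches hostnames exactly rather than by suffix, and then runs the result over a few proxy records. The indicator values are excerpted from this page; the proxy log format (<ts> <client> <dst_ip:port> <method> <url>) and the log lines themselves are constructed for the demonstration.

```python
"""Normalise a ThreatFox daily IOC export and hunt for it in proxy logs.
Added example for this page, not ThreatFox or offseq code. Indicator values
are excerpted from this page; the log format and lines are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

# Page's "File" column (IP half of each ip:port row) and "Hash" column
# (port half, with three real SHA256 payload hashes interleaved), page order.
FILE_COLUMN = [
    ("94.156.6.228", "RedLine Stealer"),
    ("93.95.230.215", "Sliver"),
    ("93.95.230.215", "Sliver"),
    ("112.29.177.254", "Deimos"),
]
HASH_COLUMN = [
    "43021",
    "4023d96589970420857763ffa1f1fd0eb79668344e095f9e81f851e479e776cc",
    "0faa8438b97ba137f50e7b05f40c32ff51cb100655dd472908200cbd6db5f648",
    "9688528dbaf75125004db4392eef3a26774f3b41eebfd88092075f1c7357ea36",
    "31337", "8888", "10036",
]
URL_IOCS = [
    ("http://89.47.1.10/autdolorem.php", "Agent Tesla"),
    ("https://62.234.53.167/jquery-3.3.1.min.js", "Cobalt Strike"),
    ("http://funnyorgos.site/api", "Lumma Stealer"),
]
DOMAIN_IOCS = [("discord-gg.duckdns.org", "NjRAT"), ("www.micorsoft.pro", "Cobalt Strike")]

# Constructed proxy records: <ts> <client> <dst_ip:port> <method> <url>
PROXY_LOG = """\
1697414600 10.0.0.12 62.234.53.167:443 GET https://62.234.53.167/jquery-3.3.1.min.js
1697414610 10.0.0.13 151.101.1.69:443 GET https://code.jquery.com/jquery-3.3.1.min.js
1697414620 10.0.0.14 93.95.230.215:31337 CONNECT https://93.95.230.215:31337/
1697414630 10.0.0.15 198.51.100.7:8443 GET https://www.micorsoft.pro:8443/fd/ls/lsp.aspx
1697414640 10.0.0.16 198.51.100.8:443 GET https://other.duckdns.org/
""".splitlines()


def rejoin_ip_port(file_column, hash_column):
    """Split the 'Hash' column into SHA256 hashes and ports, then re-pair each
    port with the IP at the same position. Refuses to pair when the counts
    disagree: a silent misalignment would manufacture wrong indicators."""
    hashes = [v.lower() for v in hash_column if SHA256_RE.match(v)]
    ports = [int(v) for v in hash_column if not SHA256_RE.match(v)]
    if len(ports) != len(file_column) or not all(0 < p < 65536 for p in ports):
        raise ValueError(f"{len(file_column)} IPs vs {len(ports)} ports; not pairing")
    pairs = {}
    for (ip, family), port in zip(file_column, ports):
        ipaddress.ip_address(ip)  # raises on a malformed address
        pairs[(ip, port)] = family
    return pairs, hashes


def url_key(url):
    """(host, port, path) for a URL with a scheme. Scheme and query are
    dropped but the host stays: Cobalt Strike profiles reuse paths such as
    /jquery-3.3.1.min.js that also exist on legitimate sites."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return (u.hostname.lower(), port, u.path or "/")


def build_iocs(file_col, hash_col, url_iocs, domain_iocs):
    """Normalise the page's tables into typed lookup structures."""
    ip_ports, sha256s = rejoin_ip_port(file_col, hash_col)
    return {
        "ip_ports": ip_ports,
        "urls": {url_key(u): fam for u, fam in url_iocs},
        "domains": {d.lower(): fam for d, fam in domain_iocs},
        "hashes": set(sha256s),
    }


def match_proxy_line(iocs, line):
    """Return (family, indicator_type) for a hit on one proxy record, else None."""
    _ts, _client, dst, _method, url = line.split()
    key = url_key(url)
    if key in iocs["urls"]:
        return iocs["urls"][key], "url"
    # Exact hostname only: duckdns.org and apigw.tencentcs.com are shared
    # services, so a suffix match would flag unrelated traffic.
    if key[0] in iocs["domains"]:
        return iocs["domains"][key[0]], "domain"
    ip, port = dst.rsplit(":", 1)
    if (ip, int(port)) in iocs["ip_ports"]:
        return iocs["ip_ports"][(ip, int(port))], "ip:port"
    return None


def scan(iocs, lines):
    """[(client, family, indicator_type)] for every proxy record that hits."""
    hits = []
    for line in lines:
        hit = match_proxy_line(iocs, line)
        if hit:
            hits.append((line.split()[1],) + hit)
    return hits


if __name__ == "__main__":
    for hit in scan(build_iocs(FILE_COLUMN, HASH_COLUMN, URL_IOCS, DOMAIN_IOCS), PROXY_LOG):
        print(*hit)
```

On the constructed records the scan flags the beacon fetch from 62.234.53.167, the Sliver connection on 93.95.230.215:31337 and the request to www.micorsoft.pro, while the identical path on code.jquery.com and the unrelated duckdns.org host stay clean; those two misses are the point of keying on host plus path and on exact hostnames.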


Technical Details

Threat Level: 2 (MISP threat_level_id; 2 = Medium)
Analysis: 1 (MISP analysis; 1 = Ongoing)
Distribution: 3 (MISP distribution; 3 = All communities)
UUID: eda97085-5918-43a9-8d6a-7214a840024e
Original Timestamp: 1697414586 (2023-10-16 00:03:06 UTC)

Indicators of Compromise

URL

Value  Description
http://funnyorgos.site/api  Lumma Stealer botnet C2 (confidence level: 100%)
http://89.47.1.10/autdolorem.php  Agent Tesla botnet C2 (confidence level: 100%)
http://89.47.1.10/news.php  Agent Tesla botnet C2 (confidence level: 100%)
http://89.47.1.10/eaipsa.php  Agent Tesla botnet C2 (confidence level: 100%)
http://89.47.1.10/bin/omegle.php  Agent Tesla botnet C2 (confidence level: 100%)
http://85.209.11.199/b9djs2g/index.php  Amadey botnet C2 (confidence level: 100%)
http://119.91.207.9:8089/cm  Cobalt Strike botnet C2 (confidence level: 100%)
http://217.196.96.16/155736047db03637.php  Stealc botnet C2 (confidence level: 100%)
http://92.63.196.46:8092/ie9compatviewlist.xml  Cobalt Strike botnet C2 (confidence level: 100%)
https://120.24.38.217:4433/dot.gif  Cobalt Strike botnet C2 (confidence level: 100%)
https://165.227.141.64:4433/cm  Cobalt Strike botnet C2 (confidence level: 100%)
http://service-gw6u6362-1318524606.gz.apigw.tencentcs.com/api/x  Cobalt Strike botnet C2 (confidence level: 100%)
http://139.9.135.250:20002/en_us/all.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://165.227.141.64/pixel  Cobalt Strike botnet C2 (confidence level: 100%)
http://clearmu.top/blacknet/receive.php  BlackNET RAT botnet C2 (confidence level: 100%)
https://43.135.22.17:4443/dot.gif  Cobalt Strike botnet C2 (confidence level: 100%)
https://62.234.53.167/jquery-3.3.1.min.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://www.consumershop.lenovo.com.cn.d4e97cc6.cdnhwcggk22.com/oscp/  Cobalt Strike botnet C2 (confidence level: 100%)
http://service-00o1njdx-1317238936.sh.apigw.tencentcs.com/api/x  Cobalt Strike botnet C2 (confidence level: 100%)
http://124.70.82.142/ptj  Cobalt Strike botnet C2 (confidence level: 100%)
https://124.70.82.142/cm  Cobalt Strike botnet C2 (confidence level: 100%)
https://www.micorsoft.pro:8443/fd/ls/lsp.aspx  Cobalt Strike botnet C2 (confidence level: 100%)
http://114.132.56.147/introduction/edr  Cobalt Strike botnet C2 (confidence level: 100%)
https://service-euf0eusq-1317136909.gz.apigw.tencentcs.com/api/x  Cobalt Strike botnet C2 (confidence level: 100%)
http://101.42.22.120/dpixel  Cobalt Strike botnet C2 (confidence level: 100%)
https://www.iii-service.com/jquery-3.3.1.min.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://118.24.128.43:8888/api/x  Cobalt Strike botnet C2 (confidence level: 100%)
http://114.116.49.242/en_us/all.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.139.107.237:10001/ga.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://47.94.221.227/dpixel  Cobalt Strike botnet C2 (confidence level: 100%)
https://downsexv.com:8443/api/3  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.136.14.250:8080/ie9compatviewlist.xml  Cobalt Strike botnet C2 (confidence level: 100%)
http://www.edittns.com/jquery-3.3.1.min.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://139.224.188.139/activity  Cobalt Strike botnet C2 (confidence level: 100%)
http://175.178.99.133:5555/visit.js  Cobalt Strike botnet C2 (confidence level: 100%)
https://193.37.69.48/_/scs/mail-static/_/js/  Cobalt Strike botnet C2 (confidence level: 100%)
https://39.100.83.53/api/x  Cobalt Strike botnet C2 (confidence level: 100%)
http://193.37.69.48/_/scs/mail-static/_/js/  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.139.79.52:7777/activity  Cobalt Strike botnet C2 (confidence level: 100%)
http://service-iord9vog-1317136909.gz.apigw.tencentcs.com/ca  Cobalt Strike botnet C2 (confidence level: 100%)
http://101.43.142.116:8087/ptj  Cobalt Strike botnet C2 (confidence level: 100%)
https://52.66.17.82:9443/jquery-3.3.1.min.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://132.145.126.111/updates.rss  Cobalt Strike botnet C2 (confidence level: 100%)
http://8.130.64.49/__utm.gif  Cobalt Strike botnet C2 (confidence level: 100%)
http://175.178.247.232/pixel.gif  Cobalt Strike botnet C2 (confidence level: 100%)
https://comeonlogistics.com/def/reklama/x6alr835bblb  Cobalt Strike botnet C2 (confidence level: 100%)
http://47.107.67.137:81/j.ad  Cobalt Strike botnet C2 (confidence level: 100%)
http://198.211.5.240:8087/ptj  Cobalt Strike botnet C2 (confidence level: 100%)
http://bismillahsolutions.com/__utm.gif  Cobalt Strike botnet C2 (confidence level: 100%)
http://1.12.231.99/en_us/all.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.138.215.2:8081/visit.js  Cobalt Strike botnet C2 (confidence level: 100%)
https://cins.hin7lostvas.pro:2083/boxes.css  Cobalt Strike botnet C2 (confidence level: 100%)
http://willywilk.fun/api  Lumma Stealer botnet C2 (confidence level: 100%)
http://membaers.fun/api  Lumma Stealer botnet C2 (confidence level: 100%)
https://85.175.101.203/cm  Cobalt Strike botnet C2 (confidence level: 100%)
https://47.103.106.214/cm  Cobalt Strike botnet C2 (confidence level: 100%)
http://92.63.196.46:8092/pixel  Cobalt Strike botnet C2 (confidence level: 100%)
https://8.134.85.39/load  Cobalt Strike botnet C2 (confidence level: 100%)
http://165.227.141.64/dot.gif  Cobalt Strike botnet C2 (confidence level: 100%)
https://208.64.224.190/en_us/all.js  Cobalt Strike botnet C2 (confidence level: 100%)
https://8.140.245.246/load  Cobalt Strike botnet C2 (confidence level: 100%)
https://golds-touch.com/show/redirect/vvgplutb6i  Cobalt Strike botnet C2 (confidence level: 100%)
https://47.93.34.203/j.ad  Cobalt Strike botnet C2 (confidence level: 100%)


IP:Port

These are ThreatFox ip:port indicators. The page's export had stored the IP address as a 'file' value and the port as a 'hash' value in the same row order; the two columns are re-paired below, and one exact duplicate row (45.9.74.92:80, Stealc) is collapsed.

Value  Description
94.156.6.228:43021  RedLine Stealer botnet C2 server (confidence level: 100%)
93.95.230.215:31337  Sliver botnet C2 server (confidence level: 50%)
93.95.230.215:8888  Sliver botnet C2 server (confidence level: 50%)
112.29.177.254:10036  Deimos botnet C2 server (confidence level: 50%)
20.106.112.43:80  Responder botnet C2 server (confidence level: 50%)
52.24.78.22:445  Responder botnet C2 server (confidence level: 50%)
41.99.119.32:443  QakBot botnet C2 server (confidence level: 50%)
105.108.43.99:995  QakBot botnet C2 server (confidence level: 50%)
77.126.191.61:443  QakBot botnet C2 server (confidence level: 50%)
189.176.47.195:443  QakBot botnet C2 server (confidence level: 50%)
174.164.68.180:443  QakBot botnet C2 server (confidence level: 50%)
194.36.177.94:9999  DCRat botnet C2 server (confidence level: 50%)
107.172.43.167:8888  Unknown malware botnet C2 server (confidence level: 50%)
146.56.118.82:53  Cobalt Strike botnet C2 server (confidence level: 100%)
45.125.67.27:53  Cobalt Strike botnet C2 server (confidence level: 100%)
206.237.1.241:53  Cobalt Strike botnet C2 server (confidence level: 100%)
38.54.45.144:53  Cobalt Strike botnet C2 server (confidence level: 100%)
85.10.151.25:53  Cobalt Strike botnet C2 server (confidence level: 100%)
62.234.53.167:443  Cobalt Strike botnet C2 server (confidence level: 100%)
114.132.56.147:80  Cobalt Strike botnet C2 server (confidence level: 100%)
103.15.29.41:443  Cobalt Strike botnet C2 server (confidence level: 100%)
146.56.118.82:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
134.122.160.187:80  Cobalt Strike botnet C2 server (confidence level: 100%)
167.179.99.125:443  Cobalt Strike botnet C2 server (confidence level: 100%)
66.42.81.78:443  Cobalt Strike botnet C2 server (confidence level: 100%)
198.52.97.143:8082  VBREVSHELL botnet C2 server (confidence level: 50%)
27.124.47.147:8088  VBREVSHELL botnet C2 server (confidence level: 50%)
134.122.132.52:8082  VBREVSHELL botnet C2 server (confidence level: 50%)
172.247.35.240:8082  VBREVSHELL botnet C2 server (confidence level: 50%)
167.179.99.125:2083  Cobalt Strike botnet C2 server (confidence level: 100%)
146.59.161.13:39199  RedLine Stealer botnet C2 server (confidence level: 100%)
193.42.32.99:80  Stealc botnet C2 server (confidence level: 75%)
77.91.78.245:80  Stealc botnet C2 server (confidence level: 75%)
91.103.253.2:80  Stealc botnet C2 server (confidence level: 75%)
91.212.166.50:80  Stealc botnet C2 server (confidence level: 75%)
45.155.250.218:80  Stealc botnet C2 server (confidence level: 75%)
94.228.169.55:80  Stealc botnet C2 server (confidence level: 75%)
194.169.175.126:80  Stealc botnet C2 server (confidence level: 75%)
171.22.28.221:80  Stealc botnet C2 server (confidence level: 75%)
91.103.252.146:80  Stealc botnet C2 server (confidence level: 75%)
142.132.186.212:80  Stealc botnet C2 server (confidence level: 75%)
167.235.136.41:80  Stealc botnet C2 server (confidence level: 75%)
85.209.11.51:80  Stealc botnet C2 server (confidence level: 75%)
65.21.150.74:80  Stealc botnet C2 server (confidence level: 75%)
91.212.166.95:80  Stealc botnet C2 server (confidence level: 75%)
77.83.92.234:80  Stealc botnet C2 server (confidence level: 75%)
45.9.74.92:80  Stealc botnet C2 server (confidence level: 75%)
185.244.48.221:80  Stealc botnet C2 server (confidence level: 75%)
5.42.6.7:80  Stealc botnet C2 server (confidence level: 75%)
45.15.157.135:80  Stealc botnet C2 server (confidence level: 75%)
194.59.31.66:80  Stealc botnet C2 server (confidence level: 75%)
5.78.104.95:80  Stealc botnet C2 server (confidence level: 75%)
94.228.170.65:80  Stealc botnet C2 server (confidence level: 75%)
95.214.25.241:80  Stealc botnet C2 server (confidence level: 75%)
193.201.8.110:80  Stealc botnet C2 server (confidence level: 75%)
91.107.224.80:80  Stealc botnet C2 server (confidence level: 75%)
89.23.98.151:80  Stealc botnet C2 server (confidence level: 75%)
62.113.115.22:80  Stealc botnet C2 server (confidence level: 75%)
116.203.55.91:80  Stealc botnet C2 server (confidence level: 75%)
152.89.198.3:80  Stealc botnet C2 server (confidence level: 75%)
217.196.96.138:80  Stealc botnet C2 server (confidence level: 75%)
185.244.48.81:80  Stealc botnet C2 server (confidence level: 75%)
45.147.197.114:80  Stealc botnet C2 server (confidence level: 75%)
5.161.188.133:80  Stealc botnet C2 server (confidence level: 75%)
185.254.37.234:80  Stealc botnet C2 server (confidence level: 75%)
80.92.206.215:80  Stealc botnet C2 server (confidence level: 75%)
78.47.166.143:80  Stealc botnet C2 server (confidence level: 75%)
185.209.161.53:80  Stealc botnet C2 server (confidence level: 75%)
78.135.73.160:443  solarmarker botnet C2 server (confidence level: 75%)
146.70.125.68:443  solarmarker botnet C2 server (confidence level: 75%)
146.70.157.224:443  solarmarker botnet C2 server (confidence level: 75%)
78.135.73.148:443  solarmarker botnet C2 server (confidence level: 75%)
146.70.40.228:443  solarmarker botnet C2 server (confidence level: 75%)
91.206.178.106:443  solarmarker botnet C2 server (confidence level: 75%)
146.70.86.140:443  solarmarker botnet C2 server (confidence level: 75%)
146.70.104.173:443  solarmarker botnet C2 server (confidence level: 75%)
194.169.175.232:5200  Ave Maria botnet C2 server (confidence level: 100%)
45.86.163.114:8443  RedLine Stealer botnet C2 server (confidence level: 100%)
78.47.171.102:6264  RedLine Stealer botnet C2 server (confidence level: 100%)
93.95.229.192:443  Sliver botnet C2 server (confidence level: 50%)
93.95.229.192:8888  Sliver botnet C2 server (confidence level: 50%)
93.95.229.192:31337  Sliver botnet C2 server (confidence level: 50%)
104.218.54.245:7443  Unknown malware botnet C2 server (confidence level: 50%)
217.78.49.245:443  QakBot botnet C2 server (confidence level: 50%)
2.91.187.238:443  QakBot botnet C2 server (confidence level: 50%)
91.180.67.255:2222  QakBot botnet C2 server (confidence level: 50%)
216.118.230.114:63342  Unknown malware botnet C2 server (confidence level: 50%)
118.195.162.65:53  Cobalt Strike botnet C2 server (confidence level: 100%)
208.64.224.190:443  Cobalt Strike botnet C2 server (confidence level: 100%)
8.140.245.246:443  Cobalt Strike botnet C2 server (confidence level: 100%)
84.32.131.8:443  Cobalt Strike botnet C2 server (confidence level: 100%)
47.93.34.203:443  Cobalt Strike botnet C2 server (confidence level: 100%)
116.203.156.63:28564  RedLine Stealer botnet C2 server (confidence level: 100%)
65.109.241.130:8443  RedLine Stealer botnet C2 server (confidence level: 100%)

SHA256

Value  Description
4023d96589970420857763ffa1f1fd0eb79668344e095f9e81f851e479e776cc  Agent Tesla payload (confidence level: 50%)
0faa8438b97ba137f50e7b05f40c32ff51cb100655dd472908200cbd6db5f648  Agent Tesla payload (confidence level: 50%)
9688528dbaf75125004db4392eef3a26774f3b41eebfd88092075f1c7357ea36  Agent Tesla payload (confidence level: 50%)


Domain

Value  Description
ns1.downsexv.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
nc1.downsexv.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
casc.polytechit.org  Cobalt Strike botnet C2 domain (confidence level: 100%)
ns1.jieinchangan.cn  Cobalt Strike botnet C2 domain (confidence level: 100%)
ns2.jieinchangan.cn  Cobalt Strike botnet C2 domain (confidence level: 100%)
dc.sunsetwxllc.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
a.verbinding-voor-cobalt.nl  Cobalt Strike botnet C2 domain (confidence level: 100%)
service-gw6u6362-1318524606.gz.apigw.tencentcs.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
www.consumershop.lenovo.com.cn.d4e97cc6.cdnhwcggk22.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
service-00o1njdx-1317238936.sh.apigw.tencentcs.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
www.micorsoft.pro  Cobalt Strike botnet C2 domain (confidence level: 100%)
service-euf0eusq-1317136909.gz.apigw.tencentcs.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
www.iii-service.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
www.edittns.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
service-iord9vog-1317136909.gz.apigw.tencentcs.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
comeonlogistics.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
bismillahsolutions.com  Cobalt Strike botnet C2 domain (confidence level: 100%)
nzul13-3-23.duckdns.org  NjRAT botnet C2 domain (confidence level: 100%; 2 source rows, the distinguishing port was not preserved)
1.tcp.sa.ngrok.io  NjRAT botnet C2 domain (confidence level: 100%)
discord-gg.duckdns.org  NjRAT botnet C2 domain (confidence level: 100%; 4 source rows, the distinguishing port was not preserved)
updater-discord.duckdns.org  NjRAT botnet C2 domain (confidence level: 100%)
estreno1-caso.duckdns.org  NjRAT botnet C2 domain (confidence level: 100%)
ns1.ga0.co  Cobalt Strike botnet C2 domain (confidence level: 100%)
ns2.ga0.co  Cobalt Strike botnet C2 domain (confidence level: 100%)
ns3.ga0.co  Cobalt Strike botnet C2 domain (confidence level: 100%)
golds-touch.com  Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 682c7abfe3e6de8ceb75f350

Added to database: 5/20/2025, 12:51:11 PM

Last enriched: 6/19/2025, 1:20:21 PM

Last updated: 8/15/2025, 9:42:54 AM
