
ThreatFox IOCs for 2023-10-28

Severity: Medium
Published: Sat Oct 28 2023 (10/28/2023, 00:00:00 UTC)
Source: MISP

Description

ThreatFox IOCs for 2023-10-28

AI-Powered Analysis

Last updated: 07/03/2025, 06:54:54 UTC

Technical Analysis

This entry is the ThreatFox daily export for 2023-10-28, imported as a MISP event. ThreatFox is abuse.ch's community platform for sharing indicators of compromise, and this is an indicator feed rather than a vulnerability advisory: it carries no affected product versions, no CVE or CWE identifiers and no patch links, and the technical content is the indicator list itself. That list holds 172 'ip-dst|port' pairs, 21 URLs and 17 domains, each labelled with the malware family the reporter associated with it and a reporter-supplied confidence level between 50% and 100%. Most entries are command-and-control (C2) servers for post-exploitation frameworks (Cobalt Strike, Sliver, Havoc, Brute Ratel C4, Meterpreter, Deimos), commodity RATs (AsyncRAT, DCRat, Quasar RAT, Venom RAT, NjRAT, DarkComet, Ghost RAT), information stealers (RedLine Stealer, RisePro, Lumma Stealer, Vidar, TitanStealer, MintStealer, Rhadamanthys), loaders and banking trojans (QakBot, Pikabot, IcedID, Get2, Mekotio), the BianLian backdoor, Medusa, ShadowPad and IoT botnets (Mirai, Bashlite), plus a handful of payload-delivery domains (IRATA and unattributed). Several entries are marked 'Unknown malware', meaning the reporter observed C2 behaviour without attributing a family. The MISP fields read as threat level 2 (medium), analysis 1 (ongoing) and distribution 3 (all communities); the tags mark the event as OSINT under TLP:WHITE, i.e. freely shareable. No exploitation activity is tracked because there is no vulnerability to exploit; the operational value of the entry is detecting hosts that have already contacted this infrastructure.

Potential Impact

The impact is not a vulnerability impact but a compromise signal: any host in a European organisation's estate that has connected to one of these IP:port pairs, URLs or domains should be presumed to be running the associated malware, and the consequences follow from the family. QakBot, Pikabot and IcedID are initial-access loaders that have historically preceded hands-on-keyboard intrusions and ransomware; BianLian is the tooling of an extortion group; the stealers (RedLine, RisePro, Lumma, Vidar, TitanStealer, MintStealer, Rhadamanthys) exfiltrate browser credentials, session cookies and wallets, so a hit implies credential exposure even after the host is cleaned; the RATs give interactive control of the endpoint; and Cobalt Strike, Sliver, Havoc, Brute Ratel and Meterpreter listeners can belong either to an intrusion in progress or to an authorised red team, which must be checked before escalating. The medium rating reflects that the feed is a daily snapshot with reporter confidence ranging from 50% to 100% and that C2 infrastructure of this kind is retired quickly: for an organisation with no matching traffic the exposure is low, while a confirmed match is a high-priority incident affecting confidentiality first (credentials, data) and integrity and availability next (follow-on ransomware).

Mitigation Recommendations

Ingest the list into SIEM, IDS/IPS, proxy and EDR tooling, but match it the way it is keyed. The 'ip-dst|port' entries are a composite: 104.238.35.163 appears with ports 8443, 80, 8000 and 5984, and 189.250.25.77 with six DarkComet ports, so a hit should require both destination IP and port, and a bare-IP match should be treated as weaker evidence. URL entries belong in proxy and web-gateway logs (host plus path; several Cobalt Strike URLs use innocuous-looking paths such as /api/settings, /dot.gif and /load), and domain entries in DNS and TLS SNI telemetry. Use the confidence field to choose the response: 100% and 80% entries can drive automated alerting or blocking, 50% entries should alert for analyst review. Before blocking by IP, check whether the address belongs to shared infrastructure: the list includes cloud-provider address space, an Amazon EC2 hostname and a Tencent Cloud API-gateway hostname, and blocking such an address on port 443 or 80 causes collateral damage; block the specific host or path instead, or rely on detection. Search retrospectively over the full log retention window back to the publication date rather than only alerting going forward, since the C2 contact may already have happened. The unusual destination ports in the list (53, 23, 13, 1194, 30002, 62222 and others) are also a reminder that default-deny egress filtering stops much of this traffic without any indicator at all. Expire these indicators after a defined period; C2 infrastructure churns within weeks and stale entries generate false positives. General hygiene (timely patching, network segmentation, user awareness training) remains necessary, and since the entry describes no vulnerability there is no product patch or configuration change to apply.
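As an added example (not part of the ThreatFox feed, MISP, or any abuse.ch tooling), the Python script below parses a few of the indicators from this page in the three ThreatFox types, builds an index keyed on the (IP, port) pair, scans constructed flow records, downgrades hits on an assumed shared-infrastructure list to 'review', and emits a Suricata rule per high-confidence ip|port entry. The indicator lines are transcribed from this page into a whitespace-separated form; the flow records, the SHARED_INFRA ranges and the 80% block threshold are assumptions chosen for illustration.

```python
"""Added example: ingest ThreatFox/MISP indicators, match them against flow
logs honouring the ip|port composite, and emit IDS rules for high-confidence
entries.  Not part of the ThreatFox feed or any vendor tooling."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicator lines transcribed from the feed above into a whitespace-separated
# form (type, value, description).  Constructed input for this example.
FEED = """\
ip-dst|port 104.238.35.163|8443 BianLian botnet C2 server (confidence level: 80%)
ip-dst|port 188.121.110.191|53 Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port 104.21.94.45|443 MintStealer botnet C2 server (confidence level: 80%)
ip-dst|port 161.189.238.234|443 Deimos botnet C2 server (confidence level: 50%)
url http://103.61.0.241/load Cobalt Strike botnet C2 (confidence level: 100%)
domain sdl.faqserv.com IRATA payload delivery domain (confidence level: 100%)
"""

# Constructed flow records: timestamp, src, dst, dst_port, TLS SNI ("-" if none).
SAMPLE_FLOWS = """\
2023-10-28T10:01:02Z 10.0.0.5 104.238.35.163 8443 -
2023-10-28T10:01:09Z 10.0.0.5 104.238.35.163 443 -
2023-10-28T10:02:15Z 10.0.0.7 188.121.110.191 53 -
2023-10-28T10:03:44Z 10.0.0.9 104.21.94.45 443 -
2023-10-28T10:04:00Z 10.0.0.9 203.0.113.10 443 sdl.faqserv.com
"""

# Assumed shared-hosting/CDN ranges for illustration; operators must maintain
# their own list.  A C2 behind a shared edge IP cannot be blocked by IP alone.
SHARED_INFRA = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]


@dataclass(frozen=True)
class Indicator:
    kind: str          # "ip-dst|port", "url" or "domain"
    value: str
    description: str
    confidence: int    # percent, as reported to ThreatFox


@dataclass(frozen=True)
class Hit:
    ts: str
    dst: str
    indicator: Indicator
    action: str        # "block" or "review"


LINE_RE = re.compile(
    r"^(ip-dst\|port|url|domain)\s+(\S+)\s+(.*?)\s*\(confidence level:\s*(\d+)%\)\s*$")


def parse_feed(text: str) -> list[Indicator]:
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:                                   # skip headers / blank lines
            kind, value, desc, conf = m.groups()
            out.append(Indicator(kind, value, desc, int(conf)))
    return out


def build_index(iocs, min_confidence: int = 0):
    """Return (ip_port -> Indicator, domain -> Indicator).  URL indicators are
    folded into whichever table fits their host; the port defaults from the scheme."""
    ip_port, domains = {}, {}
    for i in iocs:
        if i.confidence < min_confidence:
            continue
        if i.kind == "ip-dst|port":
            ip, port = i.value.rsplit("|", 1)
            ip_port[(ip, int(port))] = i
        elif i.kind == "domain":
            domains[i.value.lower()] = i
        else:                                   # url
            u = urlsplit(i.value)
            port = u.port or (443 if u.scheme == "https" else 80)
            try:
                ipaddress.ip_address(u.hostname)
                ip_port.setdefault((u.hostname, port), i)
            except ValueError:
                domains.setdefault(u.hostname.lower(), i)
    return ip_port, domains


def is_shared_infra(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SHARED_INFRA)


def scan_flows(index, flows: str, block_threshold: int = 80) -> list[Hit]:
    ip_port, domains = index
    hits = []
    for line in flows.splitlines():
        ts, _src, dst, port, sni = line.split()
        # The feed's key is (ip, port): 104.238.35.163:443 is NOT an indicator.
        ind = ip_port.get((dst, int(port)))
        if ind is None and sni != "-":
            ind = domains.get(sni.lower())
        if ind is None:
            continue
        # Auto-block only high-confidence hits that do not land on shared infra.
        shared = ind.kind != "domain" and is_shared_infra(dst)
        action = "block" if ind.confidence >= block_threshold and not shared else "review"
        hits.append(Hit(ts, f"{dst}:{port}", ind, action))
    return hits


def suricata_rule(ind: Indicator, sid: int) -> str:
    """One Suricata rule per ip|port indicator; the port in the key matters."""
    ip, port = ind.value.rsplit("|", 1)
    msg = ind.description.replace('"', "")
    return (f'alert tcp $HOME_NET any -> {ip} {port} (msg:"ThreatFox {msg}"; '
            f'flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    iocs = parse_feed(FEED)
    for h in scan_flows(build_index(iocs), SAMPLE_FLOWS):
        print(h.ts, h.dst, h.action, h.indicator.description)
    high = [i for i in iocs if i.kind == "ip-dst|port" and i.confidence >= 80]
    for n, i in enumerate(high):
        print(suricata_rule(i, 9000000 + n))
```

The second sample flow (104.238.35.163 on port 443) deliberately produces no hit, because the feed lists that address only on 8443, 80, 8000 and 5984; a bare-IP match would have fired. The MintStealer flow is matched but downgraded to 'review' because its destination falls in the assumed shared-infrastructure range.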


Technical Details

Threat Level: 2 (MISP threat_level_id: medium)
Analysis: 1 (MISP analysis state: ongoing)
Distribution: 3 (MISP distribution: all communities)

Indicators of Compromise

ip-dst|port

Type+Value / Description
ip-dst|port101.34.83.16|30002
Cobalt Strike botnet C2 server (confidence level: 80%)
ip-dst|port104.238.35.163|8443
BianLian botnet C2 server (confidence level: 80%)
ip-dst|port147.78.47.231|7777
Cobalt Strike botnet C2 server (confidence level: 80%)
ip-dst|port92.116.89.214|443
Deimos botnet C2 server (confidence level: 50%)
ip-dst|port161.189.238.234|443
Deimos botnet C2 server (confidence level: 50%)
ip-dst|port104.238.35.163|80
BianLian botnet C2 server (confidence level: 50%)
ip-dst|port104.238.35.163|8000
BianLian botnet C2 server (confidence level: 50%)
ip-dst|port104.236.210.243|8080
BianLian botnet C2 server (confidence level: 50%)
ip-dst|port45.56.165.27|8000
BianLian botnet C2 server (confidence level: 50%)
ip-dst|port85.13.118.11|443
BianLian botnet C2 server (confidence level: 50%)
ip-dst|port157.230.124.53|443
Havoc botnet C2 server (confidence level: 50%)
ip-dst|port217.165.234.145|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port41.99.8.115|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port80.192.52.128|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port105.102.31.198|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port197.204.20.144|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port78.180.83.241|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port78.19.233.19|2222
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port112.213.101.73|1145
DCRat botnet C2 server (confidence level: 50%)
ip-dst|port113.207.105.235|8888
Unknown malware botnet C2 server (confidence level: 50%)
ip-dst|port222.88.186.81|23703
Unknown malware botnet C2 server (confidence level: 50%)
ip-dst|port156.224.22.198|8888
Unknown malware botnet C2 server (confidence level: 50%)
ip-dst|port139.144.31.103|1194
Pikabot botnet C2 server (confidence level: 50%)
ip-dst|port91.109.190.5|7707
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port62.233.50.25|7443
Unknown malware botnet C2 server (confidence level: 80%)
ip-dst|port45.141.87.124|13
Mirai botnet C2 server (confidence level: 75%)
ip-dst|port93.123.85.12|1791
Mirai botnet C2 server (confidence level: 75%)
ip-dst|port45.142.214.121|2376
Sliver botnet C2 server (confidence level: 80%)
ip-dst|port47.98.158.167|8888
Unknown malware botnet C2 server (confidence level: 80%)
ip-dst|port103.61.0.241|4444
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port139.224.206.244|80
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port65.21.101.233|4714
Rhadamanthys botnet C2 server (confidence level: 100%)
ip-dst|port125.141.145.185|443
Get2 botnet C2 server (confidence level: 80%)
ip-dst|port146.0.79.25|11223
Mekotio botnet C2 server (confidence level: 100%)
ip-dst|port109.107.182.211|28913
RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst|port198.37.111.235|15804
RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst|port146.0.79.23|11224
Mekotio botnet C2 server (confidence level: 100%)
ip-dst|port185.222.58.238|55615
RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst|port194.190.152.148|5871
RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst|port188.121.110.191|53
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port41.103.29.232|999
NjRAT botnet C2 server (confidence level: 100%)
ip-dst|port94.131.98.34|443
BianLian botnet C2 server (confidence level: 80%)
ip-dst|port185.81.157.112|6606
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port91.109.190.5|8808
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port187.24.69.150|8888
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port91.208.92.210|1411
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port197.246.196.91|9999
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port185.81.157.12|6666
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port141.164.37.178|6606
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port141.164.37.178|8808
AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst|port107.148.8.5|4783
Quasar RAT botnet C2 server (confidence level: 100%)
ip-dst|port118.70.46.160|8080
Quasar RAT botnet C2 server (confidence level: 100%)
ip-dst|port81.161.229.91|6667
DCRat botnet C2 server (confidence level: 100%)
ip-dst|port34.123.6.222|30006
Unknown malware botnet C2 server (confidence level: 100%)
ip-dst|port108.142.191.239|443
Unknown malware botnet C2 server (confidence level: 100%)
ip-dst|port108.142.191.247|443
Unknown malware botnet C2 server (confidence level: 100%)
ip-dst|port139.224.198.190|8888
Unknown malware botnet C2 server (confidence level: 100%)
ip-dst|port141.98.10.132|4444
Venom RAT botnet C2 server (confidence level: 100%)
ip-dst|port185.196.9.51|23
Bashlite botnet C2 server (confidence level: 90%)
ip-dst|port46.30.188.150|62222
DarkComet botnet C2 server (confidence level: 100%)
ip-dst|port189.250.25.77|2086
DarkComet botnet C2 server (confidence level: 100%)
ip-dst|port189.250.25.77|2116
DarkComet botnet C2 server (confidence level: 100%)
ip-dst|port189.250.25.77|2125
DarkComet botnet C2 server (confidence level: 100%)
ip-dst|port189.250.25.77|2190
DarkComet botnet C2 server (confidence level: 100%)
ip-dst|port189.250.25.77|2281
DarkComet botnet C2 server (confidence level: 100%)
ip-dst|port189.250.25.77|1756
DarkComet botnet C2 server (confidence level: 100%)
ip-dst|port121.32.27.111|8002
ShadowPad botnet C2 server (confidence level: 90%)
ip-dst|port88.99.46.160|31337
Sliver botnet C2 server (confidence level: 90%)
ip-dst|port8.142.69.99|55443
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port162.14.74.124|88
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port54.147.120.150|5003
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port54.147.120.150|5004
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port149.88.71.219|81
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port43.138.39.212|8080
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port124.220.42.214|4433
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port165.22.234.230|443
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port103.247.29.175|8080
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port176.9.122.103|8080
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port156.224.26.49|5555
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port124.221.174.192|80
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port38.60.199.202|8443
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port8.219.251.170|80
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port8.130.128.97|8081
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port176.9.122.154|8080
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port123.57.30.117|22222
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port120.46.63.196|443
Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst|port75.119.142.33|3790
Meterpreter botnet C2 server (confidence level: 80%)
ip-dst|port35.73.40.176|80
Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst|port46.148.139.144|4444
BianLian botnet C2 server (confidence level: 50%)
ip-dst|port104.238.35.163|5984
BianLian botnet C2 server (confidence level: 50%)
ip-dst|port193.92.178.156|995
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port220.79.237.55|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port197.14.193.226|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port71.104.100.168|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port105.109.175.169|995
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port88.252.226.162|443
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port45.79.174.92|1194
Pikabot botnet C2 server (confidence level: 50%)
ip-dst|port185.106.94.167|5631
Pikabot botnet C2 server (confidence level: 50%)
ip-dst|port45.135.165.166|13172
RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst|port194.26.135.137|80
Cobalt Strike botnet C2 server (confidence level: 80%)
ip-dst|port78.153.130.231|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port82.115.223.71|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port94.142.138.170|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port94.142.138.145|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port94.142.138.58|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port89.23.98.188|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port195.123.209.20|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port159.69.95.42|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port46.8.210.75|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port77.73.133.88|5000
TitanStealer botnet C2 server (confidence level: 80%)
ip-dst|port83.243.122.151|80
IcedID botnet C2 server (confidence level: 75%)
ip-dst|port80.85.141.108|3790
Meterpreter botnet C2 server (confidence level: 80%)
ip-dst|port38.181.20.78|6000
Ghost RAT botnet C2 server (confidence level: 100%)
ip-dst|port104.243.47.102|8080
Unknown malware botnet C2 server (confidence level: 80%)
ip-dst|port3.234.189.133|443
Unknown malware botnet C2 server (confidence level: 80%)
ip-dst|port199.127.62.181|8080
Unknown malware botnet C2 server (confidence level: 80%)
ip-dst|port95.181.173.181|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port178.236.247.9|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port185.26.239.246|81
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port212.118.52.90|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port8.217.23.144|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port45.150.65.121|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port20.0.25.177|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port178.236.246.39|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port109.107.181.169|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port79.137.207.44|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port78.141.239.24|80
Medusa botnet C2 server (confidence level: 80%)
ip-dst|port175.136.232.226|8080
Havoc botnet C2 server (confidence level: 80%)
ip-dst|port175.136.232.225|8080
Havoc botnet C2 server (confidence level: 80%)
ip-dst|port139.84.144.181|443
Havoc botnet C2 server (confidence level: 80%)
ip-dst|port57.128.171.220|443
Havoc botnet C2 server (confidence level: 80%)
ip-dst|port146.70.79.19|80
Havoc botnet C2 server (confidence level: 80%)
ip-dst|port161.142.78.158|8080
Havoc botnet C2 server (confidence level: 80%)
ip-dst|port83.212.96.62|80
Havoc botnet C2 server (confidence level: 80%)
ip-dst|port85.209.11.185|2222
QakBot botnet C2 server (confidence level: 50%)
ip-dst|port123.60.151.249|6666
Cobalt Strike botnet C2 server (confidence level: 80%)
ip-dst|port3.131.147.49|12994
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port119.91.99.194|8088
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port141.98.6.98|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port51.75.52.3|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port119.91.99.194|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port172.94.103.13|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port45.138.16.187|9898
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port45.138.16.187|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port107.189.169.135|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port103.147.185.18|1604
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port77.91.124.111|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port45.81.39.179|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port5.181.80.69|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port154.53.42.53|8845
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port107.175.243.138|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port38.181.35.175|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port164.92.246.58|9087
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port106.14.153.130|8848
DCRat botnet C2 server (confidence level: 80%)
ip-dst|port5.161.143.161|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port194.169.175.123|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port45.135.232.54|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port45.74.19.132|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port194.169.175.125|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port195.85.114.171|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port95.214.25.240|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port213.252.245.28|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port193.56.255.166|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port167.235.130.175|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port193.31.118.35|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port95.214.25.236|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port45.11.91.14|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port208.64.33.102|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port79.137.202.91|8081
RisePro botnet C2 server (confidence level: 80%)
ip-dst|port104.21.94.45|443
MintStealer botnet C2 server (confidence level: 80%)
ip-dst|port172.67.219.160|80
MintStealer botnet C2 server (confidence level: 80%)
ip-dst|port172.67.172.69|443
MintStealer botnet C2 server (confidence level: 80%)

url

Type+Value / Description
urlhttp://175.24.176.154/api/settings
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://175.24.176.154:8443/api/settings
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://5.75.188.83:3306/
Vidar botnet C2 (confidence level: 100%)
urlhttp://momalua.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://kusmanin.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://39.108.189.188:1111/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://20.51.226.216/_/scs/mail-static/_/js/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.225.74.128:8080/compare/v1.44/vxk7p0gbe8
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.70.45.102:8090/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://89.23.103.35/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.61.0.241/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.234.72.74/dot.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-m2easdvn-1303971391.bj.apigw.tencentcs.com/api/getit
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.242.51.201/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.61.0.241:8080/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://85.175.101.203/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.40.66.171:85/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://mouseoiet.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://boddyshow.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://elizgerls.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://165.22.234.230/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Cobalt Strike botnet C2 (confidence level: 100%)

domain

Type+Value / Description
domainsdl.faqserv.com
IRATA payload delivery domain (confidence level: 100%)
domaincdm.faqserv.com
IRATA payload delivery domain (confidence level: 100%)
domaincfb.faqserv.com
IRATA payload delivery domain (confidence level: 100%)
domainadsh.vizvaz.com
IRATA payload delivery domain (confidence level: 100%)
domainrbm.faqserv.com
IRATA payload delivery domain (confidence level: 100%)
domainservice-m2easdvn-1303971391.bj.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingamesstartf.xyz
Mekotio botnet C2 domain (confidence level: 100%)
domainnuevo2gameslop.xyz
Mekotio botnet C2 domain (confidence level: 100%)
domainnuevoconceti.xyz
Mekotio botnet C2 domain (confidence level: 100%)
domainrepicdominic.xyz
Mekotio botnet C2 domain (confidence level: 100%)
domain1.jangholi.info
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.buesem2021.com
Havoc botnet C2 domain (confidence level: 100%)
domainec2-54-94-98-53.sa-east-1.compute.amazonaws.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainhavoc.riggcorp.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainen.voiceaipro.com
Unknown malware payload delivery domain (confidence level: 100%)
domainen.voice-ai.store
Unknown malware payload delivery domain (confidence level: 100%)
domainvoice.2005thavenue.com
Unknown malware payload delivery domain (confidence level: 100%)

Threat ID: 6828eab9e1a0c275ea6e3104

Added to database: 5/17/2025, 7:59:53 PM

Last enriched: 7/3/2025, 6:54:54 AM

Last updated: 8/15/2025, 4:34:53 AM
