
ThreatFox IOCs for 2023-10-28

Severity: Medium
Published: Sat Oct 28 2023 (10/28/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-10-28

AI-Powered Analysis

AI analysis last updated: 06/18/2025, 09:20:59 UTC

Technical Analysis

This entry covers a set of Indicators of Compromise (IOCs) published on 2023-10-28 by ThreatFox, a platform for sharing threat intelligence data. It is categorized as malware-related, with tags for OSINT (Open Source Intelligence), network activity and payload delivery. No affected software versions or products are identified, and no patches or known exploits are listed. The threat level is medium (severity: medium, threatLevel: 2), with moderate distribution (distribution: 3) and minimal analysis detail (analysis: 1). Because the entry gives no concrete technical details such as malware family, attack vectors or payload specifics, the depth of technical understanding is limited. The entry concerns the collection and dissemination of network activity data and payload delivery mechanisms, which threat actors could use to facilitate further malicious operations. Given the lack of specific indicators or exploit details, it most likely represents a general awareness or intelligence update rather than an active, targeted campaign. The TLP (Traffic Light Protocol) classification of white means the information may be shared publicly without restriction, which further supports reading this as intelligence dissemination rather than an immediate critical threat. Overall, this is a medium-level malware-related risk focused on OSINT and network activity, with limited actionable technical detail at this time.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the absence of specific exploit details, affected software versions, or active known exploits in the wild. However, the focus on OSINT and network activity suggests potential risks related to reconnaissance and payload delivery phases of cyberattacks. If threat actors leverage these IOCs effectively, organizations could face increased exposure to targeted malware delivery or network intrusions. This could lead to data exfiltration, disruption of services, or compromise of sensitive information. The medium severity indicates that while immediate widespread damage is unlikely, organizations should remain vigilant, especially those with critical infrastructure or high-value data assets. The lack of patches or mitigation guidance implies that defensive measures must rely on detection and response capabilities rather than vulnerability remediation. European entities involved in sectors with high network exposure or those that actively monitor threat intelligence feeds may be more directly impacted, as they could be targeted for follow-up attacks using these IOCs.

Mitigation Recommendations

Given the nature of this threat as an OSINT and network activity-related malware with no specific patches or exploits, mitigation should focus on enhancing detection and response capabilities. Organizations should:

1) Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related network activity and payload delivery attempts.
2) Conduct regular network traffic analysis to identify anomalous or suspicious communications that may align with the shared IOCs.
3) Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act on OSINT-derived indicators.
4) Implement strict network segmentation and least privilege access controls to limit the potential impact of payload delivery.
5) Enhance email and web filtering solutions to reduce the risk of initial payload delivery vectors.
6) Conduct regular security awareness training focusing on recognizing social engineering and phishing attempts that could be used to deliver malware payloads.
7) Establish incident response playbooks that incorporate the analysis of OSINT and network activity indicators to enable rapid containment and remediation.

These measures go beyond generic advice by emphasizing the operational integration of OSINT IOCs and proactive network monitoring tailored to the nature of this threat.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: ff57758a-42ab-41a8-acef-ad1f4de32d3c
Original Timestamp: 1698537786

Indicators of Compromise

File

Value | Description
101.34.83.16 | Cobalt Strike botnet C2 server (confidence level: 80%)
104.238.35.163 | BianLian botnet C2 server (confidence level: 80%)
147.78.47.231 | Cobalt Strike botnet C2 server (confidence level: 80%)
92.116.89.214 | Deimos botnet C2 server (confidence level: 50%)
161.189.238.234 | Deimos botnet C2 server (confidence level: 50%)
104.238.35.163 | BianLian botnet C2 server (confidence level: 50%)
104.238.35.163 | BianLian botnet C2 server (confidence level: 50%)
104.236.210.243 | BianLian botnet C2 server (confidence level: 50%)
45.56.165.27 | BianLian botnet C2 server (confidence level: 50%)
85.13.118.11 | BianLian botnet C2 server (confidence level: 50%)
157.230.124.53 | Havoc botnet C2 server (confidence level: 50%)
217.165.234.145 | QakBot botnet C2 server (confidence level: 50%)
41.99.8.115 | QakBot botnet C2 server (confidence level: 50%)
80.192.52.128 | QakBot botnet C2 server (confidence level: 50%)
105.102.31.198 | QakBot botnet C2 server (confidence level: 50%)
197.204.20.144 | QakBot botnet C2 server (confidence level: 50%)
78.180.83.241 | QakBot botnet C2 server (confidence level: 50%)
78.19.233.19 | QakBot botnet C2 server (confidence level: 50%)
112.213.101.73 | DCRat botnet C2 server (confidence level: 50%)
113.207.105.235 | Unknown malware botnet C2 server (confidence level: 50%)
222.88.186.81 | Unknown malware botnet C2 server (confidence level: 50%)
156.224.22.198 | Unknown malware botnet C2 server (confidence level: 50%)
139.144.31.103 | Pikabot botnet C2 server (confidence level: 50%)
91.109.190.5 | AsyncRAT botnet C2 server (confidence level: 100%)
62.233.50.25 | Unknown malware botnet C2 server (confidence level: 80%)
45.141.87.124 | Mirai botnet C2 server (confidence level: 75%)
93.123.85.12 | Mirai botnet C2 server (confidence level: 75%)
45.142.214.121 | Sliver botnet C2 server (confidence level: 80%)
47.98.158.167 | Unknown malware botnet C2 server (confidence level: 80%)
103.61.0.241 | Cobalt Strike botnet C2 server (confidence level: 100%)
139.224.206.244 | Cobalt Strike botnet C2 server (confidence level: 100%)
65.21.101.233 | Rhadamanthys botnet C2 server (confidence level: 100%)
125.141.145.185 | Get2 botnet C2 server (confidence level: 80%)
146.0.79.25 | Mekotio botnet C2 server (confidence level: 100%)
109.107.182.211 | RedLine Stealer botnet C2 server (confidence level: 100%)
198.37.111.235 | RedLine Stealer botnet C2 server (confidence level: 100%)
146.0.79.23 | Mekotio botnet C2 server (confidence level: 100%)
185.222.58.238 | RedLine Stealer botnet C2 server (confidence level: 100%)
194.190.152.148 | RedLine Stealer botnet C2 server (confidence level: 100%)
188.121.110.191 | Cobalt Strike botnet C2 server (confidence level: 100%)
41.103.29.232 | NjRAT botnet C2 server (confidence level: 100%)
94.131.98.34 | BianLian botnet C2 server (confidence level: 80%)
185.81.157.112 | AsyncRAT botnet C2 server (confidence level: 100%)
91.109.190.5 | AsyncRAT botnet C2 server (confidence level: 100%)
187.24.69.150 | AsyncRAT botnet C2 server (confidence level: 100%)
91.208.92.210 | AsyncRAT botnet C2 server (confidence level: 100%)
197.246.196.91 | AsyncRAT botnet C2 server (confidence level: 100%)
185.81.157.12 | AsyncRAT botnet C2 server (confidence level: 100%)
141.164.37.178 | AsyncRAT botnet C2 server (confidence level: 100%)
141.164.37.178 | AsyncRAT botnet C2 server (confidence level: 100%)
107.148.8.5 | Quasar RAT botnet C2 server (confidence level: 100%)
118.70.46.160 | Quasar RAT botnet C2 server (confidence level: 100%)
81.161.229.91 | DCRat botnet C2 server (confidence level: 100%)
34.123.6.222 | Unknown malware botnet C2 server (confidence level: 100%)
108.142.191.239 | Unknown malware botnet C2 server (confidence level: 100%)
108.142.191.247 | Unknown malware botnet C2 server (confidence level: 100%)
139.224.198.190 | Unknown malware botnet C2 server (confidence level: 100%)
141.98.10.132 | Venom RAT botnet C2 server (confidence level: 100%)
185.196.9.51 | Bashlite botnet C2 server (confidence level: 90%)
46.30.188.150 | DarkComet botnet C2 server (confidence level: 100%)
189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%)
189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%)
189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%)
189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%)
189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%)
189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%)
121.32.27.111 | ShadowPad botnet C2 server (confidence level: 90%)
88.99.46.160 | Sliver botnet C2 server (confidence level: 90%)
8.142.69.99 | Cobalt Strike botnet C2 server (confidence level: 100%)
162.14.74.124 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.147.120.150 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.147.120.150 | Cobalt Strike botnet C2 server (confidence level: 100%)
149.88.71.219 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.138.39.212 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.220.42.214 | Cobalt Strike botnet C2 server (confidence level: 100%)
165.22.234.230 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.247.29.175 | Cobalt Strike botnet C2 server (confidence level: 100%)
176.9.122.103 | Cobalt Strike botnet C2 server (confidence level: 100%)
156.224.26.49 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.221.174.192 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.60.199.202 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.219.251.170 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.130.128.97 | Cobalt Strike botnet C2 server (confidence level: 100%)
176.9.122.154 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.57.30.117 | Cobalt Strike botnet C2 server (confidence level: 100%)
120.46.63.196 | Cobalt Strike botnet C2 server (confidence level: 100%)
75.119.142.33 | Meterpreter botnet C2 server (confidence level: 80%)
35.73.40.176 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
46.148.139.144 | BianLian botnet C2 server (confidence level: 50%)
104.238.35.163 | BianLian botnet C2 server (confidence level: 50%)
193.92.178.156 | QakBot botnet C2 server (confidence level: 50%)
220.79.237.55 | QakBot botnet C2 server (confidence level: 50%)
197.14.193.226 | QakBot botnet C2 server (confidence level: 50%)
71.104.100.168 | QakBot botnet C2 server (confidence level: 50%)
105.109.175.169 | QakBot botnet C2 server (confidence level: 50%)
88.252.226.162 | QakBot botnet C2 server (confidence level: 50%)
45.79.174.92 | Pikabot botnet C2 server (confidence level: 50%)
185.106.94.167 | Pikabot botnet C2 server (confidence level: 50%)
45.135.165.166 | RedLine Stealer botnet C2 server (confidence level: 100%)
194.26.135.137 | Cobalt Strike botnet C2 server (confidence level: 80%)
78.153.130.231 | TitanStealer botnet C2 server (confidence level: 80%)
82.115.223.71 | TitanStealer botnet C2 server (confidence level: 80%)
94.142.138.170 | TitanStealer botnet C2 server (confidence level: 80%)
94.142.138.145 | TitanStealer botnet C2 server (confidence level: 80%)
94.142.138.58 | TitanStealer botnet C2 server (confidence level: 80%)
89.23.98.188 | TitanStealer botnet C2 server (confidence level: 80%)
195.123.209.20 | TitanStealer botnet C2 server (confidence level: 80%)
159.69.95.42 | TitanStealer botnet C2 server (confidence level: 80%)
46.8.210.75 | TitanStealer botnet C2 server (confidence level: 80%)
77.73.133.88 | TitanStealer botnet C2 server (confidence level: 80%)
83.243.122.151 | IcedID botnet C2 server (confidence level: 75%)
80.85.141.108 | Meterpreter botnet C2 server (confidence level: 80%)
38.181.20.78 | Ghost RAT botnet C2 server (confidence level: 100%)
104.243.47.102 | Unknown malware botnet C2 server (confidence level: 80%)
3.234.189.133 | Unknown malware botnet C2 server (confidence level: 80%)
199.127.62.181 | Unknown malware botnet C2 server (confidence level: 80%)
95.181.173.181 | Medusa botnet C2 server (confidence level: 80%)
178.236.247.9 | Medusa botnet C2 server (confidence level: 80%)
185.26.239.246 | Medusa botnet C2 server (confidence level: 80%)
212.118.52.90 | Medusa botnet C2 server (confidence level: 80%)
8.217.23.144 | Medusa botnet C2 server (confidence level: 80%)
45.150.65.121 | Medusa botnet C2 server (confidence level: 80%)
20.0.25.177 | Medusa botnet C2 server (confidence level: 80%)
178.236.246.39 | Medusa botnet C2 server (confidence level: 80%)
109.107.181.169 | Medusa botnet C2 server (confidence level: 80%)
79.137.207.44 | Medusa botnet C2 server (confidence level: 80%)
78.141.239.24 | Medusa botnet C2 server (confidence level: 80%)
175.136.232.226 | Havoc botnet C2 server (confidence level: 80%)
175.136.232.225 | Havoc botnet C2 server (confidence level: 80%)
139.84.144.181 | Havoc botnet C2 server (confidence level: 80%)
57.128.171.220 | Havoc botnet C2 server (confidence level: 80%)
146.70.79.19 | Havoc botnet C2 server (confidence level: 80%)
161.142.78.158 | Havoc botnet C2 server (confidence level: 80%)
83.212.96.62 | Havoc botnet C2 server (confidence level: 80%)
85.209.11.185 | QakBot botnet C2 server (confidence level: 50%)
123.60.151.249 | Cobalt Strike botnet C2 server (confidence level: 80%)
3.131.147.49 | DCRat botnet C2 server (confidence level: 80%)
119.91.99.194 | DCRat botnet C2 server (confidence level: 80%)
141.98.6.98 | DCRat botnet C2 server (confidence level: 80%)
51.75.52.3 | DCRat botnet C2 server (confidence level: 80%)
119.91.99.194 | DCRat botnet C2 server (confidence level: 80%)
172.94.103.13 | DCRat botnet C2 server (confidence level: 80%)
45.138.16.187 | DCRat botnet C2 server (confidence level: 80%)
45.138.16.187 | DCRat botnet C2 server (confidence level: 80%)
107.189.169.135 | DCRat botnet C2 server (confidence level: 80%)
103.147.185.18 | DCRat botnet C2 server (confidence level: 80%)
77.91.124.111 | DCRat botnet C2 server (confidence level: 80%)
45.81.39.179 | DCRat botnet C2 server (confidence level: 80%)
5.181.80.69 | DCRat botnet C2 server (confidence level: 80%)
154.53.42.53 | DCRat botnet C2 server (confidence level: 80%)
107.175.243.138 | DCRat botnet C2 server (confidence level: 80%)
38.181.35.175 | DCRat botnet C2 server (confidence level: 80%)
164.92.246.58 | DCRat botnet C2 server (confidence level: 80%)
106.14.153.130 | DCRat botnet C2 server (confidence level: 80%)
5.161.143.161 | RisePro botnet C2 server (confidence level: 80%)
194.169.175.123 | RisePro botnet C2 server (confidence level: 80%)
45.135.232.54 | RisePro botnet C2 server (confidence level: 80%)
45.74.19.132 | RisePro botnet C2 server (confidence level: 80%)
194.169.175.125 | RisePro botnet C2 server (confidence level: 80%)
195.85.114.171 | RisePro botnet C2 server (confidence level: 80%)
95.214.25.240 | RisePro botnet C2 server (confidence level: 80%)
213.252.245.28 | RisePro botnet C2 server (confidence level: 80%)
193.56.255.166 | RisePro botnet C2 server (confidence level: 80%)
167.235.130.175 | RisePro botnet C2 server (confidence level: 80%)
193.31.118.35 | RisePro botnet C2 server (confidence level: 80%)
95.214.25.236 | RisePro botnet C2 server (confidence level: 80%)
45.11.91.14 | RisePro botnet C2 server (confidence level: 80%)
208.64.33.102 | RisePro botnet C2 server (confidence level: 80%)
79.137.202.91 | RisePro botnet C2 server (confidence level: 80%)
104.21.94.45 | MintStealer botnet C2 server (confidence level: 80%)
172.67.219.160 | MintStealer botnet C2 server (confidence level: 80%)
172.67.172.69 | MintStealer botnet C2 server (confidence level: 80%)

Hash

Value | Description
30002 | Cobalt Strike botnet C2 server (confidence level: 80%)
8443 | BianLian botnet C2 server (confidence level: 80%)
7777 | Cobalt Strike botnet C2 server (confidence level: 80%)
443 | Deimos botnet C2 server (confidence level: 50%)
443 | Deimos botnet C2 server (confidence level: 50%)
80 | BianLian botnet C2 server (confidence level: 50%)
8000 | BianLian botnet C2 server (confidence level: 50%)
8080 | BianLian botnet C2 server (confidence level: 50%)
8000 | BianLian botnet C2 server (confidence level: 50%)
443 | BianLian botnet C2 server (confidence level: 50%)
443 | Havoc botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
2222 | QakBot botnet C2 server (confidence level: 50%)
1145 | DCRat botnet C2 server (confidence level: 50%)
8888 | Unknown malware botnet C2 server (confidence level: 50%)
23703 | Unknown malware botnet C2 server (confidence level: 50%)
8888 | Unknown malware botnet C2 server (confidence level: 50%)
1194 | Pikabot botnet C2 server (confidence level: 50%)
7707 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 80%)
13 | Mirai botnet C2 server (confidence level: 75%)
1791 | Mirai botnet C2 server (confidence level: 75%)
2376 | Sliver botnet C2 server (confidence level: 80%)
8888 | Unknown malware botnet C2 server (confidence level: 80%)
4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
4714 | Rhadamanthys botnet C2 server (confidence level: 100%)
443 | Get2 botnet C2 server (confidence level: 80%)
11223 | Mekotio botnet C2 server (confidence level: 100%)
28913 | RedLine Stealer botnet C2 server (confidence level: 100%)
15804 | RedLine Stealer botnet C2 server (confidence level: 100%)
11224 | Mekotio botnet C2 server (confidence level: 100%)
55615 | RedLine Stealer botnet C2 server (confidence level: 100%)
5871 | RedLine Stealer botnet C2 server (confidence level: 100%)
53 | Cobalt Strike botnet C2 server (confidence level: 100%)
999 | NjRAT botnet C2 server (confidence level: 100%)
443 | BianLian botnet C2 server (confidence level: 80%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
8888 | AsyncRAT botnet C2 server (confidence level: 100%)
1411 | AsyncRAT botnet C2 server (confidence level: 100%)
9999 | AsyncRAT botnet C2 server (confidence level: 100%)
6666 | AsyncRAT botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
4783 | Quasar RAT botnet C2 server (confidence level: 100%)
8080 | Quasar RAT botnet C2 server (confidence level: 100%)
6667 | DCRat botnet C2 server (confidence level: 100%)
30006 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
4444 | Venom RAT botnet C2 server (confidence level: 100%)
23 | Bashlite botnet C2 server (confidence level: 90%)
62222 | DarkComet botnet C2 server (confidence level: 100%)
2086 | DarkComet botnet C2 server (confidence level: 100%)
2116 | DarkComet botnet C2 server (confidence level: 100%)
2125 | DarkComet botnet C2 server (confidence level: 100%)
2190 | DarkComet botnet C2 server (confidence level: 100%)
2281 | DarkComet botnet C2 server (confidence level: 100%)
1756 | DarkComet botnet C2 server (confidence level: 100%)
8002 | ShadowPad botnet C2 server (confidence level: 90%)
31337 | Sliver botnet C2 server (confidence level: 90%)
55443 | Cobalt Strike botnet C2 server (confidence level: 100%)
88 | Cobalt Strike botnet C2 server (confidence level: 100%)
5003 | Cobalt Strike botnet C2 server (confidence level: 100%)
5004 | Cobalt Strike botnet C2 server (confidence level: 100%)
81 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
5555 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
22222 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 80%)
80 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
4444 | BianLian botnet C2 server (confidence level: 50%)
5984 | BianLian botnet C2 server (confidence level: 50%)
995 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
995 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
1194 | Pikabot botnet C2 server (confidence level: 50%)
5631 | Pikabot botnet C2 server (confidence level: 50%)
13172 | RedLine Stealer botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
5000 | TitanStealer botnet C2 server (confidence level: 80%)
80 | IcedID botnet C2 server (confidence level: 75%)
3790 | Meterpreter botnet C2 server (confidence level: 80%)
6000 | Ghost RAT botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 80%)
443 | Unknown malware botnet C2 server (confidence level: 80%)
8080 | Unknown malware botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
81 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
80 | Medusa botnet C2 server (confidence level: 80%)
8080 | Havoc botnet C2 server (confidence level: 80%)
8080 | Havoc botnet C2 server (confidence level: 80%)
443 | Havoc botnet C2 server (confidence level: 80%)
443 | Havoc botnet C2 server (confidence level: 80%)
80 | Havoc botnet C2 server (confidence level: 80%)
8080 | Havoc botnet C2 server (confidence level: 80%)
80 | Havoc botnet C2 server (confidence level: 80%)
2222 | QakBot botnet C2 server (confidence level: 50%)
6666 | Cobalt Strike botnet C2 server (confidence level: 80%)
12994 | DCRat botnet C2 server (confidence level: 80%)
8088 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
9898 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
1604 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8845 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
9087 | DCRat botnet C2 server (confidence level: 80%)
8848 | DCRat botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
443 | MintStealer botnet C2 server (confidence level: 80%)
80 | MintStealer botnet C2 server (confidence level: 80%)
443 | MintStealer botnet C2 server (confidence level: 80%)

Url

Value | Description
http://175.24.176.154/api/settings | Cobalt Strike botnet C2 (confidence level: 100%)
https://175.24.176.154:8443/api/settings | Cobalt Strike botnet C2 (confidence level: 100%)
http://5.75.188.83:3306/ | Vidar botnet C2 (confidence level: 100%)
http://momalua.fun/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://kusmanin.fun/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://39.108.189.188:1111/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://20.51.226.216/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://185.225.74.128:8080/compare/v1.44/vxk7p0gbe8 | Cobalt Strike botnet C2 (confidence level: 100%)
http://124.70.45.102:8090/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://89.23.103.35/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://103.61.0.241/load | Cobalt Strike botnet C2 (confidence level: 100%)
http://103.234.72.74/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://service-m2easdvn-1303971391.bj.apigw.tencentcs.com/api/getit | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.242.51.201/activity | Cobalt Strike botnet C2 (confidence level: 100%)
http://103.61.0.241:8080/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://85.175.101.203/activity | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.40.66.171:85/push | Cobalt Strike botnet C2 (confidence level: 100%)
http://mouseoiet.fun/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://boddyshow.fun/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://elizgerls.pw/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://165.22.234.230/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%)

Domain

Value | Description
sdl.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
cdm.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
cfb.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
adsh.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
rbm.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
service-m2easdvn-1303971391.bj.apigw.tencentcs.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
gamesstartf.xyz | Mekotio botnet C2 domain (confidence level: 100%)
nuevo2gameslop.xyz | Mekotio botnet C2 domain (confidence level: 100%)
nuevoconceti.xyz | Mekotio botnet C2 domain (confidence level: 100%)
repicdominic.xyz | Mekotio botnet C2 domain (confidence level: 100%)
1.jangholi.info | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.buesem2021.com | Havoc botnet C2 domain (confidence level: 100%)
ec2-54-94-98-53.sa-east-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
havoc.riggcorp.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
en.voiceaipro.com | Unknown malware payload delivery domain (confidence level: 100%)
en.voice-ai.store | Unknown malware payload delivery domain (confidence level: 100%)
voice.2005thavenue.com | Unknown malware payload delivery domain (confidence level: 100%)

Threat ID: 682acdc2bbaf20d303f18491

Added to database: 5/19/2025, 6:20:50 AM

Last enriched: 6/18/2025, 9:20:59 AM

Last updated: 8/16/2025, 11:12:31 AM

Views: 15
