ThreatFox IOCs for 2023-11-15

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2023-11-15 by the ThreatFox MISP Feed, categorized under malware and OSINT (Open Source Intelligence). The data appears to focus on network activity and payload delivery mechanisms, which are common vectors for malware propagation and command-and-control communications. However, the details are limited, with no specific affected software versions, no known exploits in the wild, and no patches available. The threat level is indicated as medium, with a threatLevel score of 2 and distribution score of 3, suggesting moderate dissemination potential but limited immediate impact or sophistication. The absence of concrete technical indicators or CWEs (Common Weakness Enumerations) implies that this is a general intelligence update rather than a description of a novel or active exploit. The classification as OSINT and network activity suggests the threat intelligence is primarily focused on detection and monitoring rather than describing a direct vulnerability or exploit. Overall, this appears to be an informational update on malware-related IOCs rather than a detailed vulnerability or active threat campaign.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in enhancing situational awareness and improving detection capabilities. Since there are no known active exploits or patches, the immediate risk of compromise is low to medium. However, the presence of payload delivery and network activity indicators means organizations could be targeted by malware campaigns leveraging these IOCs for initial access or lateral movement. European entities with extensive network infrastructure and those in critical sectors such as finance, energy, and government should consider this intelligence as part of their threat hunting and monitoring processes. The lack of specific affected products or vulnerabilities limits the direct operational impact but underscores the need for continuous monitoring of network traffic and endpoint behavior to detect potential malicious activity early.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. 2. Conduct proactive threat hunting exercises using the updated IOCs to identify any signs of compromise within the network. 3. Maintain up-to-date network segmentation and strict access controls to limit potential lateral movement if payload delivery attempts occur. 4. Regularly update and patch all systems and software, even though no specific patches are indicated, to reduce the attack surface. 5. Educate security teams on the latest OSINT feeds and encourage collaboration with threat intelligence sharing platforms to stay informed about emerging threats. 6. Implement network traffic analysis tools to monitor for unusual or suspicious payload delivery patterns that align with the IOCs. 7. Review and update incident response plans to incorporate detection and response strategies for malware-related network activity.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://shohetrc.com/forum/index.php
url: http://shohetrc.com/forum/login.php
url: http://shohetrc.com/forum/index.php?scr=1
url: http://tceducn.com/forum/index.php
url: http://tceducn.com/forum/login.php
url: http://shohetrc.com/forum/plugins/clip64.dll
url: http://shohetrc.com/forum/plugins/cred64.dll
url: https://planbusiness.com.tr/nmm2yjmyyje4mmmx/
url: https://planlimited.com.tr/nmm2yjmyyje4mmmx/
url: https://planultra.com.tr/nmm2yjmyyje4mmmx/
url: https://octobusiness.com.tr/nmm2yjmyyje4mmmx/
url: https://businessocto.com.tr/nmm2yjmyyje4mmmx/
url: https://94.156.68.231/nmm2yjmyyje4mmmx/
url: https://mmma8291play.xyz/nmm2yjmyyje4mmmx/
url: https://94.156.68.232/nmm2yjmyyje4mmmx/
url: https://94.156.68.233/nmm2yjmyyje4mmmx/
url: https://94.156.68.234/nmm2yjmyyje4mmmx/
url: https://mmma8291play.net/nmm2yjmyyje4mmmx/
url: https://mmma8291play.com/nmm2yjmyyje4mmmx/
url: https://mmma7811play.net/nmm2yjmyyje4mmmx/
url: https://mmma7811play.xyz/nmm2yjmyyje4mmmx/
url: https://mmma7811play.com/nmm2yjmyyje4mmmx/
url: http://amzoneyfotela.net/
url: http://aynedfer.net/
url: http://terekovenzozsen.net/
file: 111.230.198.166
hash: 80
file: 101.36.110.122
hash: 443
file: 54.174.89.226
hash: 8083
file: 83.40.181.55
hash: 3790
file: 65.49.210.124
hash: 443
url: https://8.210.141.104/owa/
url: https://8.210.141.104/ews/2012
file: 8.210.141.104
hash: 443
file: 141.164.62.87
hash: 8443
file: 178.190.102.43
hash: 2376
file: 103.212.81.158
hash: 3050
file: 52.61.168.199
hash: 80
url: http://185.29.10.12/2023/panel/index.php
file: 45.85.249.39
hash: 3790
file: 34.245.119.31
hash: 443
file: 162.14.102.159
hash: 443
file: 54.193.91.232
hash: 9443
file: 170.64.171.160
hash: 443
file: 144.76.182.181
hash: 443
file: 34.81.238.204
hash: 445
file: 3.97.232.186
hash: 445
file: 54.186.60.102
hash: 445
file: 24.199.115.140
hash: 445
file: 154.247.166.34
hash: 995
file: 142.154.8.161
hash: 443
file: 102.113.158.156
hash: 443
file: 31.117.143.39
hash: 2222
file: 187.211.117.174
hash: 443
file: 201.124.62.185
hash: 995
file: 78.19.226.207
hash: 2222
file: 38.6.177.117
hash: 8888
file: 3.66.249.70
hash: 3790
file: 45.32.232.31
hash: 13782
file: 158.247.196.155
hash: 9785
url: https://frensterol.com/yveu/
url: https://re-tend.com/ud0vh/
file: 77.83.196.189
hash: 80
url: http://www.theokanegroup.com/jquery-3.3.1.min.js
domain: www.theokanegroup.com
file: 175.178.45.17
hash: 7777
url: http://92.63.196.45:81/activity
url: http://121.40.243.103:8080/cx
url: http://124.223.83.171:8055/ie9compatviewlist.xml
url: http://101.43.49.244:8888/ga.js
url: http://1.117.79.251:88/j.ad
url: http://110.42.222.61/load
url: http://20.107.244.135/ie9compatviewlist.xml
url: http://110.40.171.243/upload/v7.89/qikqd52kv7
url: http://43.129.249.115:65534/pixel.gif
url: https://rockpython.xyz/match
domain: rockpython.xyz
file: 192.46.232.181
hash: 443
url: http://service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com/api/getit
domain: service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com
url: https://121.40.66.171/visit.js
url: http://8.219.229.99/push
domain: www2.eastus.cloudapp.azure.com
domain: www1.allegiancefithealth.com
url: http://195.20.16.93/
url: https://dodovdo.store/kla/phone.txt
url: https://dodovdo.store/kla/log.php
url: https://dodovdo.store/
domain: dodovdo.store
domain: salesthe.xyz
domain: sahmane.sbs
domain: ed.sahmane.sbs
url: https://salesthe.xyz/reza/web.txt
url: https://salesthe.xyz/reza/log.php
file: 46.1.103.69
hash: 4263
url: https://ed.sahmane.sbs//apply.php
file: 46.1.103.69
hash: 7355
file: 188.241.39.165
hash: 54984
url: http://91.92.243.151/api/firegate.php
file: 68.183.227.107
hash: 444
file: 104.223.118.109
hash: 443
file: 104.248.81.48
hash: 443
file: 194.213.18.45
hash: 8443
file: 45.33.69.35
hash: 5242
file: 155.138.132.163
hash: 13786
file: 172.232.189.83
hash: 5243
file: 172.104.12.76
hash: 5242
file: 97.107.131.224
hash: 13782
file: 172.232.189.84
hash: 23399
file: 3.76.98.45
hash: 2376
file: 139.162.215.12
hash: 3790
url: http://8.130.79.38:5432/load
url: http://124.221.237.165/j.ad
file: 124.221.237.165
hash: 80
url: http://101.43.170.225:8090/en_us/all.js
url: http://121.37.18.7/cx
url: http://47.116.113.9:8887/match
url: http://82.157.69.161:8099/match
url: http://117.50.176.222:8001/en_us/all.js
file: 91.92.243.43
hash: 7719
domain: 7desktop.com
file: 45.76.71.236
hash: 443
file: 198.23.227.175
hash: 8880
file: 91.192.100.22
hash: 8000
file: 186.168.71.240
hash: 2404
file: 185.81.157.135
hash: 2525
file: 185.81.157.236
hash: 4444
file: 181.235.87.205
hash: 2404
file: 185.81.157.103
hash: 2222
file: 187.24.3.145
hash: 8888
file: 193.23.3.37
hash: 4003
file: 193.23.3.37
hash: 4545
file: 81.214.77.85
hash: 57
file: 185.81.157.254
hash: 6606
file: 185.81.157.254
hash: 7707
file: 185.81.157.254
hash: 8808
file: 190.28.181.222
hash: 2000
file: 91.208.92.74
hash: 4444
file: 186.112.202.44
hash: 2404
file: 186.112.202.44
hash: 8888
file: 136.243.151.21
hash: 80
file: 223.155.16.150
hash: 23333
file: 27.158.214.241
hash: 52516
file: 81.205.110.65
hash: 4783
file: 109.147.149.255
hash: 4782
file: 223.155.16.152
hash: 23333
file: 64.52.80.114
hash: 4782
file: 223.155.16.149
hash: 23333
file: 223.155.16.151
hash: 23333
file: 93.85.85.86
hash: 4782
file: 64.176.81.70
hash: 9090
file: 116.103.214.233
hash: 21
file: 116.103.214.233
hash: 1024
file: 116.103.214.233
hash: 8080
file: 116.103.214.233
hash: 9025
file: 116.103.214.233
hash: 42132
file: 185.216.70.238
hash: 8081
file: 85.209.11.247
hash: 8081
file: 37.27.22.139
hash: 8081
file: 185.216.70.233
hash: 8081
file: 128.140.73.191
hash: 8081
file: 5.42.92.51
hash: 8081
file: 152.89.198.49
hash: 8081
file: 34.124.231.204
hash: 7443
file: 34.124.138.144
hash: 7443
file: 34.28.132.129
hash: 443
file: 171.250.188.34
hash: 8000
file: 110.92.64.176
hash: 4449
file: 208.64.33.115
hash: 4449
file: 64.40.154.127
hash: 4449
file: 81.28.6.148
hash: 9090
file: 18.166.249.66
hash: 443
file: 154.204.181.27
hash: 4449
file: 34.121.161.18
hash: 5900
file: 18.211.111.68
hash: 443
file: 34.194.229.219
hash: 443
file: 18.213.237.79
hash: 443
domain: 33095-2.whserv.de
domain: autoconfig.33095-2.whserv.de
domain: ip-89-38-135-11-82867.vps.hosted-by-mvps.net
domain: lamp.manuelsterner.de
domain: vpn.manuelsterner.de
file: 77.53.97.85
hash: 55554
file: 154.179.78.37
hash: 443
file: 18.231.93.153
hash: 12256
file: 5.252.178.38
hash: 8081
file: 172.233.237.227
hash: 31337
file: 193.149.176.199
hash: 31337
file: 173.49.90.229
hash: 31337
file: 47.116.13.239
hash: 60000
file: 103.186.215.46
hash: 60000
file: 123.60.99.12
hash: 60000
file: 111.230.242.229
hash: 60000
file: 1.92.72.148
hash: 60000
file: 101.200.187.59
hash: 60000
file: 8.130.27.180
hash: 60000
file: 43.143.187.177
hash: 60000
file: 101.200.164.66
hash: 60000
file: 43.142.177.236
hash: 60000
file: 23.95.85.102
hash: 60000
file: 1.94.51.173
hash: 60000
file: 8.131.50.94
hash: 60000
file: 156.224.27.167
hash: 8000
file: 121.22.243.241
hash: 47779
domain: ec2-44-200-80-224.compute-1.amazonaws.com
domain: 192-46-232-181.ip.linodeusercontent.com
domain: ms17-010.win-x86.zip
file: 47.116.79.79
hash: 443
file: 8.140.184.64
hash: 8080
domain: ec2-54-237-14-58.compute-1.amazonaws.com
file: 121.196.200.178
hash: 80
file: 1.14.46.82
hash: 80
file: 47.92.116.209
hash: 443
file: 104.219.209.175
hash: 60000
file: 149.28.145.175
hash: 8090
file: 110.41.32.218
hash: 80
file: 149.88.77.120
hash: 2222
file: 103.186.215.46
hash: 8080
file: 45.138.16.196
hash: 1222
file: 121.91.168.253
hash: 8081
file: 111.230.198.166
hash: 8443
file: 111.230.198.166
hash: 8888
file: 47.97.6.61
hash: 80
file: 47.120.48.10
hash: 80
file: 47.120.48.10
hash: 8888
file: 124.221.38.104
hash: 8888
file: 134.122.75.115
hash: 23
file: 134.175.121.178
hash: 443
file: 159.75.252.21
hash: 443
file: 195.88.56.36
hash: 8443
file: 124.223.58.225
hash: 8081
file: 38.54.84.141
hash: 443
file: 54.237.14.58
hash: 443
file: 106.12.124.212
hash: 8012
file: 114.115.180.116
hash: 81
file: 23.94.56.161
hash: 80
file: 43.142.177.236
hash: 80
file: 172.94.104.162
hash: 443
file: 59.110.161.54
hash: 80
file: 101.34.28.84
hash: 80
file: 8.212.15.60
hash: 7443
file: 44.193.191.18
hash: 443
file: 47.107.44.15
hash: 8089
file: 47.95.37.191
hash: 80
file: 164.155.134.98
hash: 80
file: 16.170.232.194
hash: 80
file: 185.73.125.8
hash: 80
file: 47.103.77.37
hash: 8080
file: 107.174.241.206
hash: 4444
file: 107.174.241.206
hash: 9999
file: 39.100.84.221
hash: 53
file: 185.196.9.120
hash: 2096
file: 124.223.197.198
hash: 8888
file: 49.232.249.109
hash: 80
file: 38.54.20.236
hash: 443
file: 111.229.106.48
hash: 4443
file: 111.229.106.48
hash: 4444
file: 124.222.223.144
hash: 80
file: 110.41.158.220
hash: 8888
file: 107.173.155.160
hash: 4433
file: 207.246.81.130
hash: 443
file: 150.158.45.62
hash: 4455
file: 44.200.80.224
hash: 80
url: https://ctrdfg.cloud/eblis/grape.php
url: https://ctrdfg.cloud/eblis/
url: https://ctrdfg.cloud/eblis/strawberry.php
url: https://xdpanel.cloud/tools/eblis.json
url: https://xdpanel.cloud/tools/
url: https://xdpanel.cloud/
domain: ctrdfg.cloud
url: https://jooshorks.pw/api
file: 3.64.193.204
hash: 2376
url: http://213.248.43.53/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
url: http://213.248.43.53/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
url: https://drnull.pkmqazreza.workers.dev/api/-1001983244127?encrypted=true
url: https://drnull.pkmqazreza.workers.dev/api/-1001983244127
url: https://drnull.pkmqazreza.workers.dev/config/-1001983244127
url: https://drnull.pkmqazreza.workers.dev/
domain: drnull.pkmqazreza.workers.dev
domain: pkmqazreza.workers.dev
url: https://dodovdo.store/far/web.txt
url: https://dodovdo.store/far/phone.txt
domain: panel.freeddns.org
url: https://adjj-ir.itsaol.com/in.php
url: https://salesthe.xyz/arslan/log.php
url: https://salesthe.xyz/arslan/web.txt
file: 101.35.42.157
hash: 60000
domain: clients.dnsportal.org
domain: ec2-3-68-111-52.eu-central-1.compute.amazonaws.com
file: 129.226.83.129
hash: 9999
file: 146.190.141.158
hash: 8089
url: https://dodovdo.store/gold/log.php
url: https://dodovdo.store/gold/phone.txt
url: http://engrousf.pw/api
domain: er.aledlsa.sbs
domain: aledlsa.sbs
url: https://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/
url: https://er.aledlsa.sbs//apply.php
url: https://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/apply.php
url: https://salesthe.xyz/kmeran/web.txt
url: https://salesthe.xyz/kmeran/log.php
file: 20.218.243.58
hash: 30829
file: 35.205.17.31
hash: 2376
file: 35.228.89.229
hash: 2376
file: 77.91.73.70
hash: 1488
url: https://ed.sarltma.rest/
url: https://ed.sarltma.rest//rat.php
url: https://ed.sarltma.rest/%f0%9d%90%9c%e2%80%8c%e2%80%8c/rat.php
url: https://salesthe.xyz/estayls/log.php
url: https://salesthe.xyz/estayls/web.txt
domain: ed.sarltma.rest
domain: sarltma.rest
url: https://www.mediafire.com/file/roa5krtmcmkvszq/cheatgeame.rar/file
url: https://cutt.ly/ywrf4ghd
url: https://kurl.ru/baknx
url: https://softonyxx.com/
url: https://www.mediafire.com/file/z5bov2gbgti7kse/cheat.zip/file
url: https://sites.google.com/view/valorant45
url: https://iirir.com/khodam/log.php
url: https://tinyurl.com/mryh33jv
url: https://iirir.com/khodam/web.txt
url: https://www.mediafire.com/file/3a6x11o8uilhi5c/dowloand.rar/file
url: https://iirir.com/khodam/
url: https://www.mediafire.com/file/7bhp93gywcm1gjl/valorant.zip/file
domain: iirir.com
url: https://kurl.ru/tpqme
url: https://www.dropbox.com/scl/fi/xnz4fm9l50zx67d9tl21u/launcher.zip?rlkey=nsye76y375ig7d9geraku6x72&dl=1
url: https://cutt.ly/1wym3o2q
url: https://tinyurl.com/56mk7pa8
url: https://kurl.ru/fkwvg
url: https://tinyurl.com/5ebpnjc8
url: https://www.mediafire.com/file/0c01oazdhg3vyvj/software_by_nixware_v1.rar
url: https://cutt.ly/pwyampux
url: https://cdn.discordapp.com/attachments/950116131354587206/1173339506448015462/setup.rar?ex=65639891&is=65512391&hm=b4b9cb1aae0be535158b8cdce3b740888601274569493a23a0d2a41910ca3c83&
url: https://www.mediafire.com/file/5706qszapws9a6s/software_by_nixware_v2.rar
url: https://cdn.discordapp.com/attachments/1173717476106838098/1173717612853743727/killazz_github.zip?ex=6564f8b5&is=655283b5&hm=1d5f5bf5f7a3d968c9ce852cff481262997e3f4014d3f97c6c73798d17fb4bff&
url: https://www.mediafire.com/file/a758f7iedcl34v8/filesetup.7z/file
url: https://cdn.discordapp.com/attachments/1170056539550273571/1172900269948936312/installer.zip?ex=6561ff7f&is=654f8a7f&hm=014482ae538b9864fc9113273fb768d47d6fe13dbaea6ebefcef8df8a7931105&
file: 104.36.229.15
hash: 5101
file: 49.12.245.198
hash: 445
file: 91.134.141.245
hash: 445
file: 39.51.188.223
hash: 995
file: 2.50.16.180
hash: 995
file: 141.11.250.53
hash: 3790
file: 194.169.175.128
hash: 37853
domain: ns.manager.moonlighter.space
file: 146.190.145.40
hash: 53
url: http://noladuer.pw/api
file: 194.49.94.152
hash: 19053
url: https://hardcorearrpa.viewdns.net/ie9compatviewlist.xml
domain: hardcorearrpa.viewdns.net
file: 172.111.251.138
hash: 443
url: https://175.178.14.59/push
file: 175.178.14.59
hash: 443
url: http://47.94.43.210:8080/jquery-3.3.1.min.js

ThreatFox IOCs for 2023-11-15

Severity: medium

Type: malware

ThreatFox IOCs for 2023-11-15

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://shohetrc.com/forum/index.php
url: http://shohetrc.com/forum/login.php
url: http://shohetrc.com/forum/index.php?scr=1
url: http://tceducn.com/forum/index.php
url: http://tceducn.com/forum/login.php
url: http://shohetrc.com/forum/plugins/clip64.dll
url: http://shohetrc.com/forum/plugins/cred64.dll
url: https://planbusiness.com.tr/nmm2yjmyyje4mmmx/
url: https://planlimited.com.tr/nmm2yjmyyje4mmmx/
url: https://planultra.com.tr/nmm2yjmyyje4mmmx/
url: https://octobusiness.com.tr/nmm2yjmyyje4mmmx/
url: https://businessocto.com.tr/nmm2yjmyyje4mmmx/
url: https://94.156.68.231/nmm2yjmyyje4mmmx/
url: https://mmma8291play.xyz/nmm2yjmyyje4mmmx/
url: https://94.156.68.232/nmm2yjmyyje4mmmx/
url: https://94.156.68.233/nmm2yjmyyje4mmmx/
url: https://94.156.68.234/nmm2yjmyyje4mmmx/
url: https://mmma8291play.net/nmm2yjmyyje4mmmx/
url: https://mmma8291play.com/nmm2yjmyyje4mmmx/
url: https://mmma7811play.net/nmm2yjmyyje4mmmx/
url: https://mmma7811play.xyz/nmm2yjmyyje4mmmx/
url: https://mmma7811play.com/nmm2yjmyyje4mmmx/
url: http://amzoneyfotela.net/
url: http://aynedfer.net/
url: http://terekovenzozsen.net/
file: 111.230.198.166
hash: 80
file: 101.36.110.122
hash: 443
file: 54.174.89.226
hash: 8083
file: 83.40.181.55
hash: 3790
file: 65.49.210.124
hash: 443
url: https://8.210.141.104/owa/
url: https://8.210.141.104/ews/2012
file: 8.210.141.104
hash: 443
file: 141.164.62.87
hash: 8443
file: 178.190.102.43
hash: 2376
file: 103.212.81.158
hash: 3050
file: 52.61.168.199
hash: 80
url: http://185.29.10.12/2023/panel/index.php
file: 45.85.249.39
hash: 3790
file: 34.245.119.31
hash: 443
file: 162.14.102.159
hash: 443
file: 54.193.91.232
hash: 9443
file: 170.64.171.160
hash: 443
file: 144.76.182.181
hash: 443
file: 34.81.238.204
hash: 445
file: 3.97.232.186
hash: 445
file: 54.186.60.102
hash: 445
file: 24.199.115.140
hash: 445
file: 154.247.166.34
hash: 995
file: 142.154.8.161
hash: 443
file: 102.113.158.156
hash: 443
file: 31.117.143.39
hash: 2222
file: 187.211.117.174
hash: 443
file: 201.124.62.185
hash: 995
file: 78.19.226.207
hash: 2222
file: 38.6.177.117
hash: 8888
file: 3.66.249.70
hash: 3790
file: 45.32.232.31
hash: 13782
file: 158.247.196.155
hash: 9785
url: https://frensterol.com/yveu/
url: https://re-tend.com/ud0vh/
file: 77.83.196.189
hash: 80
url: http://www.theokanegroup.com/jquery-3.3.1.min.js
domain: www.theokanegroup.com
file: 175.178.45.17
hash: 7777
url: http://92.63.196.45:81/activity
url: http://121.40.243.103:8080/cx
url: http://124.223.83.171:8055/ie9compatviewlist.xml
url: http://101.43.49.244:8888/ga.js
url: http://1.117.79.251:88/j.ad
url: http://110.42.222.61/load
url: http://20.107.244.135/ie9compatviewlist.xml
url: http://110.40.171.243/upload/v7.89/qikqd52kv7
url: http://43.129.249.115:65534/pixel.gif
url: https://rockpython.xyz/match
domain: rockpython.xyz
file: 192.46.232.181
hash: 443
url: http://service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com/api/getit
domain: service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com
url: https://121.40.66.171/visit.js
url: http://8.219.229.99/push
domain: www2.eastus.cloudapp.azure.com
domain: www1.allegiancefithealth.com
url: http://195.20.16.93/
url: https://dodovdo.store/kla/phone.txt
url: https://dodovdo.store/kla/log.php
url: https://dodovdo.store/
domain: dodovdo.store
domain: salesthe.xyz
domain: sahmane.sbs
domain: ed.sahmane.sbs
url: https://salesthe.xyz/reza/web.txt
url: https://salesthe.xyz/reza/log.php
file: 46.1.103.69
hash: 4263
url: https://ed.sahmane.sbs//apply.php
file: 46.1.103.69
hash: 7355
file: 188.241.39.165
hash: 54984
url: http://91.92.243.151/api/firegate.php
file: 68.183.227.107
hash: 444
file: 104.223.118.109
hash: 443
file: 104.248.81.48
hash: 443
file: 194.213.18.45
hash: 8443
file: 45.33.69.35
hash: 5242
file: 155.138.132.163
hash: 13786
file: 172.232.189.83
hash: 5243
file: 172.104.12.76
hash: 5242
file: 97.107.131.224
hash: 13782
file: 172.232.189.84
hash: 23399
file: 3.76.98.45
hash: 2376
file: 139.162.215.12
hash: 3790
url: http://8.130.79.38:5432/load
url: http://124.221.237.165/j.ad
file: 124.221.237.165
hash: 80
url: http://101.43.170.225:8090/en_us/all.js
url: http://121.37.18.7/cx
url: http://47.116.113.9:8887/match
url: http://82.157.69.161:8099/match
url: http://117.50.176.222:8001/en_us/all.js
file: 91.92.243.43
hash: 7719
domain: 7desktop.com
file: 45.76.71.236
hash: 443
file: 198.23.227.175
hash: 8880
file: 91.192.100.22
hash: 8000
file: 186.168.71.240
hash: 2404
file: 185.81.157.135
hash: 2525
file: 185.81.157.236
hash: 4444
file: 181.235.87.205
hash: 2404
file: 185.81.157.103
hash: 2222
file: 187.24.3.145
hash: 8888
file: 193.23.3.37
hash: 4003
file: 193.23.3.37
hash: 4545
file: 81.214.77.85
hash: 57
file: 185.81.157.254
hash: 6606
file: 185.81.157.254
hash: 7707
file: 185.81.157.254
hash: 8808
file: 190.28.181.222
hash: 2000
file: 91.208.92.74
hash: 4444
file: 186.112.202.44
hash: 2404
file: 186.112.202.44
hash: 8888
file: 136.243.151.21
hash: 80
file: 223.155.16.150
hash: 23333
file: 27.158.214.241
hash: 52516
file: 81.205.110.65
hash: 4783
file: 109.147.149.255
hash: 4782
file: 223.155.16.152
hash: 23333
file: 64.52.80.114
hash: 4782
file: 223.155.16.149
hash: 23333
file: 223.155.16.151
hash: 23333
file: 93.85.85.86
hash: 4782
file: 64.176.81.70
hash: 9090
file: 116.103.214.233
hash: 21
file: 116.103.214.233
hash: 1024
file: 116.103.214.233
hash: 8080
file: 116.103.214.233
hash: 9025
file: 116.103.214.233
hash: 42132
file: 185.216.70.238
hash: 8081
file: 85.209.11.247
hash: 8081
file: 37.27.22.139
hash: 8081
file: 185.216.70.233
hash: 8081
file: 128.140.73.191
hash: 8081
file: 5.42.92.51
hash: 8081
file: 152.89.198.49
hash: 8081
file: 34.124.231.204
hash: 7443
file: 34.124.138.144
hash: 7443
file: 34.28.132.129
hash: 443
file: 171.250.188.34
hash: 8000
file: 110.92.64.176
hash: 4449
file: 208.64.33.115
hash: 4449
file: 64.40.154.127
hash: 4449
file: 81.28.6.148
hash: 9090
file: 18.166.249.66
hash: 443
file: 154.204.181.27
hash: 4449
file: 34.121.161.18
hash: 5900
file: 18.211.111.68
hash: 443
file: 34.194.229.219
hash: 443
file: 18.213.237.79
hash: 443
domain: 33095-2.whserv.de
domain: autoconfig.33095-2.whserv.de
domain: ip-89-38-135-11-82867.vps.hosted-by-mvps.net
domain: lamp.manuelsterner.de
domain: vpn.manuelsterner.de
file: 77.53.97.85
hash: 55554
file: 154.179.78.37
hash: 443
file: 18.231.93.153
hash: 12256
file: 5.252.178.38
hash: 8081
file: 172.233.237.227
hash: 31337
file: 193.149.176.199
hash: 31337
file: 173.49.90.229
hash: 31337
file: 47.116.13.239
hash: 60000
file: 103.186.215.46
hash: 60000
file: 123.60.99.12
hash: 60000
file: 111.230.242.229
hash: 60000
file: 1.92.72.148
hash: 60000
file: 101.200.187.59
hash: 60000
file: 8.130.27.180
hash: 60000
file: 43.143.187.177
hash: 60000
file: 101.200.164.66
hash: 60000
file: 43.142.177.236
hash: 60000
file: 23.95.85.102
hash: 60000
file: 1.94.51.173
hash: 60000
file: 8.131.50.94
hash: 60000
file: 156.224.27.167
hash: 8000
file: 121.22.243.241
hash: 47779
domain: ec2-44-200-80-224.compute-1.amazonaws.com
domain: 192-46-232-181.ip.linodeusercontent.com
domain: ms17-010.win-x86.zip
file: 47.116.79.79
hash: 443
file: 8.140.184.64
hash: 8080
domain: ec2-54-237-14-58.compute-1.amazonaws.com
file: 121.196.200.178
hash: 80
file: 1.14.46.82
hash: 80
file: 47.92.116.209
hash: 443
file: 104.219.209.175
hash: 60000
file: 149.28.145.175
hash: 8090
file: 110.41.32.218
hash: 80
file: 149.88.77.120
hash: 2222
file: 103.186.215.46
hash: 8080
file: 45.138.16.196
hash: 1222
file: 121.91.168.253
hash: 8081
file: 111.230.198.166
hash: 8443
file: 111.230.198.166
hash: 8888
file: 47.97.6.61
hash: 80
file: 47.120.48.10
hash: 80
file: 47.120.48.10
hash: 8888
file: 124.221.38.104
hash: 8888
file: 134.122.75.115
hash: 23
file: 134.175.121.178
hash: 443
file: 159.75.252.21
hash: 443
file: 195.88.56.36
hash: 8443
file: 124.223.58.225
hash: 8081
file: 38.54.84.141
hash: 443
file: 54.237.14.58
hash: 443
file: 106.12.124.212
hash: 8012
file: 114.115.180.116
hash: 81
file: 23.94.56.161
hash: 80
file: 43.142.177.236
hash: 80
file: 172.94.104.162
hash: 443
file: 59.110.161.54
hash: 80
file: 101.34.28.84
hash: 80
file: 8.212.15.60
hash: 7443
file: 44.193.191.18
hash: 443
file: 47.107.44.15
hash: 8089
file: 47.95.37.191
hash: 80
file: 164.155.134.98
hash: 80
file: 16.170.232.194
hash: 80
file: 185.73.125.8
hash: 80
file: 47.103.77.37
hash: 8080
file: 107.174.241.206
hash: 4444
file: 107.174.241.206
hash: 9999
file: 39.100.84.221
hash: 53
file: 185.196.9.120
hash: 2096
file: 124.223.197.198
hash: 8888
file: 49.232.249.109
hash: 80
file: 38.54.20.236
hash: 443
file: 111.229.106.48
hash: 4443
file: 111.229.106.48
hash: 4444
file: 124.222.223.144
hash: 80
file: 110.41.158.220
hash: 8888
file: 107.173.155.160
hash: 4433
file: 207.246.81.130
hash: 443
file: 150.158.45.62
hash: 4455
file: 44.200.80.224
hash: 80
url: https://ctrdfg.cloud/eblis/grape.php
url: https://ctrdfg.cloud/eblis/
url: https://ctrdfg.cloud/eblis/strawberry.php
url: https://xdpanel.cloud/tools/eblis.json
url: https://xdpanel.cloud/tools/
url: https://xdpanel.cloud/
domain: ctrdfg.cloud
url: https://jooshorks.pw/api
file: 3.64.193.204
hash: 2376
url: http://213.248.43.53/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
url: http://213.248.43.53/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
url: https://drnull.pkmqazreza.workers.dev/api/-1001983244127?encrypted=true
url: https://drnull.pkmqazreza.workers.dev/api/-1001983244127
url: https://drnull.pkmqazreza.workers.dev/config/-1001983244127
url: https://drnull.pkmqazreza.workers.dev/
domain: drnull.pkmqazreza.workers.dev
domain: pkmqazreza.workers.dev
url: https://dodovdo.store/far/web.txt
url: https://dodovdo.store/far/phone.txt
domain: panel.freeddns.org
url: https://adjj-ir.itsaol.com/in.php
url: https://salesthe.xyz/arslan/log.php
url: https://salesthe.xyz/arslan/web.txt
file: 101.35.42.157
hash: 60000
domain: clients.dnsportal.org
domain: ec2-3-68-111-52.eu-central-1.compute.amazonaws.com
file: 129.226.83.129
hash: 9999
file: 146.190.141.158
hash: 8089
url: https://dodovdo.store/gold/log.php
url: https://dodovdo.store/gold/phone.txt
url: http://engrousf.pw/api
domain: er.aledlsa.sbs
domain: aledlsa.sbs
url: https://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/
url: https://er.aledlsa.sbs//apply.php
url: https://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/apply.php
url: https://salesthe.xyz/kmeran/web.txt
url: https://salesthe.xyz/kmeran/log.php
file: 20.218.243.58
hash: 30829
file: 35.205.17.31
hash: 2376
file: 35.228.89.229
hash: 2376
file: 77.91.73.70
hash: 1488
url: https://ed.sarltma.rest/
url: https://ed.sarltma.rest//rat.php
url: https://ed.sarltma.rest/%f0%9d%90%9c%e2%80%8c%e2%80%8c/rat.php
url: https://salesthe.xyz/estayls/log.php
url: https://salesthe.xyz/estayls/web.txt
domain: ed.sarltma.rest
domain: sarltma.rest
url: https://www.mediafire.com/file/roa5krtmcmkvszq/cheatgeame.rar/file
url: https://cutt.ly/ywrf4ghd
url: https://kurl.ru/baknx
url: https://softonyxx.com/
url: https://www.mediafire.com/file/z5bov2gbgti7kse/cheat.zip/file
url: https://sites.google.com/view/valorant45
url: https://iirir.com/khodam/log.php
url: https://tinyurl.com/mryh33jv
url: https://iirir.com/khodam/web.txt
url: https://www.mediafire.com/file/3a6x11o8uilhi5c/dowloand.rar/file
url: https://iirir.com/khodam/
url: https://www.mediafire.com/file/7bhp93gywcm1gjl/valorant.zip/file
domain: iirir.com
url: https://kurl.ru/tpqme
url: https://www.dropbox.com/scl/fi/xnz4fm9l50zx67d9tl21u/launcher.zip?rlkey=nsye76y375ig7d9geraku6x72&dl=1
url: https://cutt.ly/1wym3o2q
url: https://tinyurl.com/56mk7pa8
url: https://kurl.ru/fkwvg
url: https://tinyurl.com/5ebpnjc8
url: https://www.mediafire.com/file/0c01oazdhg3vyvj/software_by_nixware_v1.rar
url: https://cutt.ly/pwyampux
url: https://cdn.discordapp.com/attachments/950116131354587206/1173339506448015462/setup.rar?ex=65639891&is=65512391&hm=b4b9cb1aae0be535158b8cdce3b740888601274569493a23a0d2a41910ca3c83&
url: https://www.mediafire.com/file/5706qszapws9a6s/software_by_nixware_v2.rar
url: https://cdn.discordapp.com/attachments/1173717476106838098/1173717612853743727/killazz_github.zip?ex=6564f8b5&is=655283b5&hm=1d5f5bf5f7a3d968c9ce852cff481262997e3f4014d3f97c6c73798d17fb4bff&
url: https://www.mediafire.com/file/a758f7iedcl34v8/filesetup.7z/file
url: https://cdn.discordapp.com/attachments/1170056539550273571/1172900269948936312/installer.zip?ex=6561ff7f&is=654f8a7f&hm=014482ae538b9864fc9113273fb768d47d6fe13dbaea6ebefcef8df8a7931105&
file: 104.36.229.15
hash: 5101
file: 49.12.245.198
hash: 445
file: 91.134.141.245
hash: 445
file: 39.51.188.223
hash: 995
file: 2.50.16.180
hash: 995
file: 141.11.250.53
hash: 3790
file: 194.169.175.128
hash: 37853
domain: ns.manager.moonlighter.space
file: 146.190.145.40
hash: 53
url: http://noladuer.pw/api
file: 194.49.94.152
hash: 19053
url: https://hardcorearrpa.viewdns.net/ie9compatviewlist.xml
domain: hardcorearrpa.viewdns.net
file: 172.111.251.138
hash: 443
url: https://175.178.14.59/push
file: 175.178.14.59
hash: 443
url: http://47.94.43.210:8080/jquery-3.3.1.min.js

Source: ThreatFox MISP Feed

Published: Wed Nov 15 2023

ThreatFox IOCs for 2023-11-15

Medium

Malwaretype:osint tlp:white

Published: Wed Nov 15 2023 (11/15/2023, 00:00:00 UTC)

Source: ThreatFox MISP Feed

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2023-11-15

AI-Powered Analysis

AILast updated: 07/05/2025, 23:10:47 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: fda1b177-04c8-4e52-b20b-35cf3cab9448
Original Timestamp: 1700092986

Indicators of Compromise

Url

Value	Description	Copy
urlhttp://shohetrc.com/forum/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/login.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/index.php?scr=1	Amadey botnet C2 (confidence level: 100%)
urlhttp://tceducn.com/forum/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://tceducn.com/forum/login.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/plugins/clip64.dll	Amadey payload delivery URL (confidence level: 100%)
urlhttp://shohetrc.com/forum/plugins/cred64.dll	Amadey payload delivery URL (confidence level: 100%)
urlhttps://planbusiness.com.tr/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://planlimited.com.tr/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://planultra.com.tr/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://octobusiness.com.tr/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://businessocto.com.tr/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.231/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.xyz/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.232/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.233/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.234/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.net/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.com/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.net/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.xyz/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.com/nmm2yjmyyje4mmmx/	Coper botnet C2 (confidence level: 80%)
urlhttp://amzoneyfotela.net/	Hydra botnet C2 (confidence level: 100%)
urlhttp://aynedfer.net/	Hydra botnet C2 (confidence level: 100%)
urlhttp://terekovenzozsen.net/	Hydra botnet C2 (confidence level: 100%)
urlhttps://8.210.141.104/owa/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.210.141.104/ews/2012	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.29.10.12/2023/panel/index.php	Azorult botnet C2 (confidence level: 100%)
urlhttps://frensterol.com/yveu/	Pikabot payload delivery URL (confidence level: 100%)
urlhttps://re-tend.com/ud0vh/	Pikabot payload delivery URL (confidence level: 100%)
urlhttp://www.theokanegroup.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://92.63.196.45:81/activity	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.40.243.103:8080/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.223.83.171:8055/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.49.244:8888/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.117.79.251:88/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.42.222.61/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://20.107.244.135/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.40.171.243/upload/v7.89/qikqd52kv7	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.129.249.115:65534/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://rockpython.xyz/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://121.40.66.171/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.219.229.99/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://195.20.16.93/	RecordBreaker botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/kla/phone.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/kla/log.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/reza/web.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/reza/log.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sahmane.sbs//apply.php	IRATA botnet C2 (confidence level: 100%)
urlhttp://91.92.243.151/api/firegate.php	PrivateLoader botnet C2 (confidence level: 100%)
urlhttp://8.130.79.38:5432/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.221.237.165/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.170.225:8090/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.37.18.7/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.116.113.9:8887/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.157.69.161:8099/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://117.50.176.222:8001/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/grape.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/	IRATA botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/strawberry.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/tools/eblis.json	IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/tools/	IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/	IRATA botnet C2 (confidence level: 100%)
urlhttps://jooshorks.pw/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://213.248.43.53/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://213.248.43.53/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/api/-1001983244127?encrypted=true	IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/api/-1001983244127	IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/config/-1001983244127	IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/	IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/far/web.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/far/phone.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://adjj-ir.itsaol.com/in.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/arslan/log.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/arslan/web.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/gold/log.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/gold/phone.txt	IRATA botnet C2 (confidence level: 100%)
urlhttp://engrousf.pw/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/	IRATA botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs//apply.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/apply.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/kmeran/web.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/kmeran/log.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest/	IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest//rat.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest/%f0%9d%90%9c%e2%80%8c%e2%80%8c/rat.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/estayls/log.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/estayls/web.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/roa5krtmcmkvszq/cheatgeame.rar/file	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/ywrf4ghd	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/baknx	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://softonyxx.com/	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/z5bov2gbgti7kse/cheat.zip/file	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://sites.google.com/view/valorant45	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/log.php	IRATA botnet C2 (confidence level: 100%)
urlhttps://tinyurl.com/mryh33jv	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/web.txt	IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/3a6x11o8uilhi5c/dowloand.rar/file	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/	IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/7bhp93gywcm1gjl/valorant.zip/file	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/tpqme	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.dropbox.com/scl/fi/xnz4fm9l50zx67d9tl21u/launcher.zip?rlkey=nsye76y375ig7d9geraku6x72&dl=1	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/1wym3o2q	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://tinyurl.com/56mk7pa8	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/fkwvg	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://tinyurl.com/5ebpnjc8	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/0c01oazdhg3vyvj/software_by_nixware_v1.rar	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/pwyampux	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/950116131354587206/1173339506448015462/setup.rar?ex=65639891&is=65512391&hm=b4b9cb1aae0be535158b8cdce3b740888601274569493a23a0d2a41910ca3c83&	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/5706qszapws9a6s/software_by_nixware_v2.rar	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/1173717476106838098/1173717612853743727/killazz_github.zip?ex=6564f8b5&is=655283b5&hm=1d5f5bf5f7a3d968c9ce852cff481262997e3f4014d3f97c6c73798d17fb4bff&	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/a758f7iedcl34v8/filesetup.7z/file	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/1170056539550273571/1172900269948936312/installer.zip?ex=6561ff7f&is=654f8a7f&hm=014482ae538b9864fc9113273fb768d47d6fe13dbaea6ebefcef8df8a7931105&	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://noladuer.pw/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://hardcorearrpa.viewdns.net/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://175.178.14.59/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.94.43.210:8080/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)

File

Value	Description	Copy
file111.230.198.166	Cobalt Strike botnet C2 server (confidence level: 80%)
file101.36.110.122	Cobalt Strike botnet C2 server (confidence level: 80%)
file54.174.89.226	Sliver botnet C2 server (confidence level: 80%)
file83.40.181.55	Meterpreter botnet C2 server (confidence level: 80%)
file65.49.210.124	Cobalt Strike botnet C2 server (confidence level: 80%)
file8.210.141.104	Cobalt Strike botnet C2 server (confidence level: 100%)
file141.164.62.87	ShadowPad botnet C2 server (confidence level: 75%)
file178.190.102.43	Sliver botnet C2 server (confidence level: 80%)
file103.212.81.158	Remcos botnet C2 server (confidence level: 75%)
file52.61.168.199	Unknown malware botnet C2 server (confidence level: 80%)
file45.85.249.39	Meterpreter botnet C2 server (confidence level: 80%)
file34.245.119.31	BianLian botnet C2 server (confidence level: 80%)
file162.14.102.159	Cobalt Strike botnet C2 server (confidence level: 80%)
file54.193.91.232	BianLian botnet C2 server (confidence level: 50%)
file170.64.171.160	Havoc botnet C2 server (confidence level: 50%)
file144.76.182.181	Havoc botnet C2 server (confidence level: 50%)
file34.81.238.204	Responder botnet C2 server (confidence level: 50%)
file3.97.232.186	Responder botnet C2 server (confidence level: 50%)
file54.186.60.102	Responder botnet C2 server (confidence level: 50%)
file24.199.115.140	Responder botnet C2 server (confidence level: 50%)
file154.247.166.34	QakBot botnet C2 server (confidence level: 50%)
file142.154.8.161	QakBot botnet C2 server (confidence level: 50%)
file102.113.158.156	QakBot botnet C2 server (confidence level: 50%)
file31.117.143.39	QakBot botnet C2 server (confidence level: 50%)
file187.211.117.174	QakBot botnet C2 server (confidence level: 50%)
file201.124.62.185	QakBot botnet C2 server (confidence level: 50%)
file78.19.226.207	QakBot botnet C2 server (confidence level: 50%)
file38.6.177.117	Unknown malware botnet C2 server (confidence level: 50%)
file3.66.249.70	Meterpreter botnet C2 server (confidence level: 80%)
file45.32.232.31	Pikabot botnet C2 server (confidence level: 100%)
file158.247.196.155	Pikabot botnet C2 server (confidence level: 100%)
file77.83.196.189	IcedID botnet C2 server (confidence level: 75%)
file175.178.45.17	Cobalt Strike botnet C2 server (confidence level: 80%)
file192.46.232.181	Cobalt Strike botnet C2 server (confidence level: 100%)
file46.1.103.69	AsyncRAT botnet C2 server (confidence level: 75%)
file46.1.103.69	AsyncRAT botnet C2 server (confidence level: 75%)
file188.241.39.165	Nanocore RAT botnet C2 server (confidence level: 80%)
file68.183.227.107	PoshC2 botnet C2 server (confidence level: 80%)
file104.223.118.109	IcedID botnet C2 server (confidence level: 100%)
file104.248.81.48	IcedID botnet C2 server (confidence level: 80%)
file194.213.18.45	BianLian botnet C2 server (confidence level: 80%)
file45.33.69.35	Pikabot botnet C2 server (confidence level: 100%)
file155.138.132.163	Pikabot botnet C2 server (confidence level: 100%)
file172.232.189.83	Pikabot botnet C2 server (confidence level: 100%)
file172.104.12.76	Pikabot botnet C2 server (confidence level: 100%)
file97.107.131.224	Pikabot botnet C2 server (confidence level: 100%)
file172.232.189.84	Pikabot botnet C2 server (confidence level: 100%)
file3.76.98.45	Sliver botnet C2 server (confidence level: 80%)
file139.162.215.12	Meterpreter botnet C2 server (confidence level: 80%)
file124.221.237.165	Cobalt Strike botnet C2 server (confidence level: 100%)
file91.92.243.43	AsyncRAT botnet C2 server (confidence level: 100%)
file45.76.71.236	Havoc botnet C2 server (confidence level: 100%)
file198.23.227.175	AsyncRAT botnet C2 server (confidence level: 100%)
file91.192.100.22	AsyncRAT botnet C2 server (confidence level: 100%)
file186.168.71.240	AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.135	AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.236	AsyncRAT botnet C2 server (confidence level: 100%)
file181.235.87.205	AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.103	AsyncRAT botnet C2 server (confidence level: 100%)
file187.24.3.145	AsyncRAT botnet C2 server (confidence level: 100%)
file193.23.3.37	AsyncRAT botnet C2 server (confidence level: 100%)
file193.23.3.37	AsyncRAT botnet C2 server (confidence level: 100%)
file81.214.77.85	AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254	AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254	AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254	AsyncRAT botnet C2 server (confidence level: 100%)
file190.28.181.222	AsyncRAT botnet C2 server (confidence level: 100%)
file91.208.92.74	AsyncRAT botnet C2 server (confidence level: 100%)
file186.112.202.44	AsyncRAT botnet C2 server (confidence level: 100%)
file186.112.202.44	AsyncRAT botnet C2 server (confidence level: 100%)
file136.243.151.21	AsyncRAT botnet C2 server (confidence level: 100%)
file223.155.16.150	Quasar RAT botnet C2 server (confidence level: 100%)
file27.158.214.241	Quasar RAT botnet C2 server (confidence level: 100%)
file81.205.110.65	Quasar RAT botnet C2 server (confidence level: 100%)
file109.147.149.255	Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.152	Quasar RAT botnet C2 server (confidence level: 100%)
file64.52.80.114	Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.149	Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.151	Quasar RAT botnet C2 server (confidence level: 100%)
file93.85.85.86	Quasar RAT botnet C2 server (confidence level: 100%)
file64.176.81.70	Quasar RAT botnet C2 server (confidence level: 100%)
file116.103.214.233	Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233	Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233	Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233	Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233	Orcus RAT botnet C2 server (confidence level: 100%)
file185.216.70.238	RisePro botnet C2 server (confidence level: 100%)
file85.209.11.247	RisePro botnet C2 server (confidence level: 100%)
file37.27.22.139	RisePro botnet C2 server (confidence level: 100%)
file185.216.70.233	RisePro botnet C2 server (confidence level: 100%)
file128.140.73.191	RisePro botnet C2 server (confidence level: 100%)
file5.42.92.51	RisePro botnet C2 server (confidence level: 100%)
file152.89.198.49	RisePro botnet C2 server (confidence level: 100%)
file34.124.231.204	Unknown malware botnet C2 server (confidence level: 100%)
file34.124.138.144	Unknown malware botnet C2 server (confidence level: 100%)
file34.28.132.129	Unknown malware botnet C2 server (confidence level: 100%)
file171.250.188.34	Venom RAT botnet C2 server (confidence level: 100%)
file110.92.64.176	Venom RAT botnet C2 server (confidence level: 100%)
file208.64.33.115	Venom RAT botnet C2 server (confidence level: 100%)
file64.40.154.127	Venom RAT botnet C2 server (confidence level: 100%)
file81.28.6.148	Venom RAT botnet C2 server (confidence level: 100%)
file18.166.249.66	Venom RAT botnet C2 server (confidence level: 100%)
file154.204.181.27	Venom RAT botnet C2 server (confidence level: 100%)
file34.121.161.18	Ares botnet C2 server (confidence level: 90%)
file18.211.111.68	Unknown malware botnet C2 server (confidence level: 100%)
file34.194.229.219	Unknown malware botnet C2 server (confidence level: 100%)
file18.213.237.79	Unknown malware botnet C2 server (confidence level: 100%)
file77.53.97.85	DarkComet botnet C2 server (confidence level: 100%)
file154.179.78.37	DarkComet botnet C2 server (confidence level: 100%)
file18.231.93.153	DarkComet botnet C2 server (confidence level: 100%)
file5.252.178.38	ShadowPad botnet C2 server (confidence level: 90%)
file172.233.237.227	Sliver botnet C2 server (confidence level: 90%)
file193.149.176.199	Sliver botnet C2 server (confidence level: 90%)
file173.49.90.229	Sliver botnet C2 server (confidence level: 90%)
file47.116.13.239	Viper RAT botnet C2 server (confidence level: 100%)
file103.186.215.46	Viper RAT botnet C2 server (confidence level: 100%)
file123.60.99.12	Viper RAT botnet C2 server (confidence level: 100%)
file111.230.242.229	Viper RAT botnet C2 server (confidence level: 100%)
file1.92.72.148	Viper RAT botnet C2 server (confidence level: 100%)
file101.200.187.59	Viper RAT botnet C2 server (confidence level: 100%)
file8.130.27.180	Viper RAT botnet C2 server (confidence level: 100%)
file43.143.187.177	Viper RAT botnet C2 server (confidence level: 100%)
file101.200.164.66	Viper RAT botnet C2 server (confidence level: 100%)
file43.142.177.236	Viper RAT botnet C2 server (confidence level: 100%)
file23.95.85.102	Viper RAT botnet C2 server (confidence level: 100%)
file1.94.51.173	Viper RAT botnet C2 server (confidence level: 100%)
file8.131.50.94	Viper RAT botnet C2 server (confidence level: 100%)
file156.224.27.167	Ghost RAT botnet C2 server (confidence level: 75%)
file121.22.243.241	Ghost RAT botnet C2 server (confidence level: 75%)
file47.116.79.79	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.140.184.64	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.196.200.178	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.14.46.82	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.116.209	Cobalt Strike botnet C2 server (confidence level: 100%)
file104.219.209.175	Cobalt Strike botnet C2 server (confidence level: 100%)
file149.28.145.175	Cobalt Strike botnet C2 server (confidence level: 100%)
file110.41.32.218	Cobalt Strike botnet C2 server (confidence level: 100%)
file149.88.77.120	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.186.215.46	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.138.16.196	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.91.168.253	Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.198.166	Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.198.166	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.97.6.61	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.48.10	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.48.10	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.221.38.104	Cobalt Strike botnet C2 server (confidence level: 100%)
file134.122.75.115	Cobalt Strike botnet C2 server (confidence level: 100%)
file134.175.121.178	Cobalt Strike botnet C2 server (confidence level: 100%)
file159.75.252.21	Cobalt Strike botnet C2 server (confidence level: 100%)
file195.88.56.36	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.58.225	Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.84.141	Cobalt Strike botnet C2 server (confidence level: 100%)
file54.237.14.58	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.12.124.212	Cobalt Strike botnet C2 server (confidence level: 100%)
file114.115.180.116	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.94.56.161	Cobalt Strike botnet C2 server (confidence level: 100%)
file43.142.177.236	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.94.104.162	Cobalt Strike botnet C2 server (confidence level: 100%)
file59.110.161.54	Cobalt Strike botnet C2 server (confidence level: 100%)
file101.34.28.84	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.212.15.60	Cobalt Strike botnet C2 server (confidence level: 100%)
file44.193.191.18	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.107.44.15	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.95.37.191	Cobalt Strike botnet C2 server (confidence level: 100%)
file164.155.134.98	Cobalt Strike botnet C2 server (confidence level: 100%)
file16.170.232.194	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.73.125.8	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.103.77.37	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.241.206	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.241.206	Cobalt Strike botnet C2 server (confidence level: 100%)
file39.100.84.221	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.196.9.120	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.197.198	Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.249.109	Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.20.236	Cobalt Strike botnet C2 server (confidence level: 100%)
file111.229.106.48	Cobalt Strike botnet C2 server (confidence level: 100%)
file111.229.106.48	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.222.223.144	Cobalt Strike botnet C2 server (confidence level: 100%)
file110.41.158.220	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.173.155.160	Cobalt Strike botnet C2 server (confidence level: 100%)
file207.246.81.130	Cobalt Strike botnet C2 server (confidence level: 100%)
file150.158.45.62	Cobalt Strike botnet C2 server (confidence level: 100%)
file44.200.80.224	Cobalt Strike botnet C2 server (confidence level: 100%)
file3.64.193.204	Sliver botnet C2 server (confidence level: 80%)
file101.35.42.157	Viper RAT botnet C2 server (confidence level: 100%)
file129.226.83.129	Cobalt Strike botnet C2 server (confidence level: 100%)
file146.190.141.158	Cobalt Strike botnet C2 server (confidence level: 100%)
file20.218.243.58	RedLine Stealer botnet C2 server (confidence level: 100%)
file35.205.17.31	Sliver botnet C2 server (confidence level: 80%)
file35.228.89.229	Sliver botnet C2 server (confidence level: 80%)
file77.91.73.70	Quasar RAT botnet C2 server (confidence level: 100%)
file104.36.229.15	BianLian botnet C2 server (confidence level: 50%)
file49.12.245.198	Responder botnet C2 server (confidence level: 50%)
file91.134.141.245	Responder botnet C2 server (confidence level: 50%)
file39.51.188.223	QakBot botnet C2 server (confidence level: 50%)
file2.50.16.180	QakBot botnet C2 server (confidence level: 50%)
file141.11.250.53	Meterpreter botnet C2 server (confidence level: 80%)
file194.169.175.128	RedLine Stealer botnet C2 server (confidence level: 100%)
file146.190.145.40	Cobalt Strike botnet C2 server (confidence level: 100%)
file194.49.94.152	RedLine Stealer botnet C2 server (confidence level: 100%)
file172.111.251.138	Cobalt Strike botnet C2 server (confidence level: 100%)
file175.178.14.59	Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash80	Cobalt Strike botnet C2 server (confidence level: 80%)
hash443	Cobalt Strike botnet C2 server (confidence level: 80%)
hash8083	Sliver botnet C2 server (confidence level: 80%)
hash3790	Meterpreter botnet C2 server (confidence level: 80%)
hash443	Cobalt Strike botnet C2 server (confidence level: 80%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	ShadowPad botnet C2 server (confidence level: 75%)
hash2376	Sliver botnet C2 server (confidence level: 80%)
hash3050	Remcos botnet C2 server (confidence level: 75%)
hash80	Unknown malware botnet C2 server (confidence level: 80%)
hash3790	Meterpreter botnet C2 server (confidence level: 80%)
hash443	BianLian botnet C2 server (confidence level: 80%)
hash443	Cobalt Strike botnet C2 server (confidence level: 80%)
hash9443	BianLian botnet C2 server (confidence level: 50%)
hash443	Havoc botnet C2 server (confidence level: 50%)
hash443	Havoc botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 50%)
hash443	QakBot botnet C2 server (confidence level: 50%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 50%)
hash8888	Unknown malware botnet C2 server (confidence level: 50%)
hash3790	Meterpreter botnet C2 server (confidence level: 80%)
hash13782	Pikabot botnet C2 server (confidence level: 100%)
hash9785	Pikabot botnet C2 server (confidence level: 100%)
hash80	IcedID botnet C2 server (confidence level: 75%)
hash7777	Cobalt Strike botnet C2 server (confidence level: 80%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4263	AsyncRAT botnet C2 server (confidence level: 75%)
hash7355	AsyncRAT botnet C2 server (confidence level: 75%)
hash54984	Nanocore RAT botnet C2 server (confidence level: 80%)
hash444	PoshC2 botnet C2 server (confidence level: 80%)
hash443	IcedID botnet C2 server (confidence level: 100%)
hash443	IcedID botnet C2 server (confidence level: 80%)
hash8443	BianLian botnet C2 server (confidence level: 80%)
hash5242	Pikabot botnet C2 server (confidence level: 100%)
hash13786	Pikabot botnet C2 server (confidence level: 100%)
hash5243	Pikabot botnet C2 server (confidence level: 100%)
hash5242	Pikabot botnet C2 server (confidence level: 100%)
hash13782	Pikabot botnet C2 server (confidence level: 100%)
hash23399	Pikabot botnet C2 server (confidence level: 100%)
hash2376	Sliver botnet C2 server (confidence level: 80%)
hash3790	Meterpreter botnet C2 server (confidence level: 80%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7719	AsyncRAT botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash8880	AsyncRAT botnet C2 server (confidence level: 100%)
hash8000	AsyncRAT botnet C2 server (confidence level: 100%)
hash2404	AsyncRAT botnet C2 server (confidence level: 100%)
hash2525	AsyncRAT botnet C2 server (confidence level: 100%)
hash4444	AsyncRAT botnet C2 server (confidence level: 100%)
hash2404	AsyncRAT botnet C2 server (confidence level: 100%)
hash2222	AsyncRAT botnet C2 server (confidence level: 100%)
hash8888	AsyncRAT botnet C2 server (confidence level: 100%)
hash4003	AsyncRAT botnet C2 server (confidence level: 100%)
hash4545	AsyncRAT botnet C2 server (confidence level: 100%)
hash57	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash2000	AsyncRAT botnet C2 server (confidence level: 100%)
hash4444	AsyncRAT botnet C2 server (confidence level: 100%)
hash2404	AsyncRAT botnet C2 server (confidence level: 100%)
hash8888	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	AsyncRAT botnet C2 server (confidence level: 100%)
hash23333	Quasar RAT botnet C2 server (confidence level: 100%)
hash52516	Quasar RAT botnet C2 server (confidence level: 100%)
hash4783	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash23333	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash23333	Quasar RAT botnet C2 server (confidence level: 100%)
hash23333	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash9090	Quasar RAT botnet C2 server (confidence level: 100%)
hash21	Orcus RAT botnet C2 server (confidence level: 100%)
hash1024	Orcus RAT botnet C2 server (confidence level: 100%)
hash8080	Orcus RAT botnet C2 server (confidence level: 100%)
hash9025	Orcus RAT botnet C2 server (confidence level: 100%)
hash42132	Orcus RAT botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 100%)
hash8081	RisePro botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash8000	Venom RAT botnet C2 server (confidence level: 100%)
hash4449	Venom RAT botnet C2 server (confidence level: 100%)
hash4449	Venom RAT botnet C2 server (confidence level: 100%)
hash4449	Venom RAT botnet C2 server (confidence level: 100%)
hash9090	Venom RAT botnet C2 server (confidence level: 100%)
hash443	Venom RAT botnet C2 server (confidence level: 100%)
hash4449	Venom RAT botnet C2 server (confidence level: 100%)
hash5900	Ares botnet C2 server (confidence level: 90%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash55554	DarkComet botnet C2 server (confidence level: 100%)
hash443	DarkComet botnet C2 server (confidence level: 100%)
hash12256	DarkComet botnet C2 server (confidence level: 100%)
hash8081	ShadowPad botnet C2 server (confidence level: 90%)
hash31337	Sliver botnet C2 server (confidence level: 90%)
hash31337	Sliver botnet C2 server (confidence level: 90%)
hash31337	Sliver botnet C2 server (confidence level: 90%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash8000	Ghost RAT botnet C2 server (confidence level: 75%)
hash47779	Ghost RAT botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash60000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8090	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2222	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1222	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash23	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8012	Cobalt Strike botnet C2 server (confidence level: 100%)
hash81	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999	Cobalt Strike botnet C2 server (confidence level: 100%)
hash53	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2096	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4455	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2376	Sliver botnet C2 server (confidence level: 80%)
hash60000	Viper RAT botnet C2 server (confidence level: 100%)
hash9999	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089	Cobalt Strike botnet C2 server (confidence level: 100%)
hash30829	RedLine Stealer botnet C2 server (confidence level: 100%)
hash2376	Sliver botnet C2 server (confidence level: 80%)
hash2376	Sliver botnet C2 server (confidence level: 80%)
hash1488	Quasar RAT botnet C2 server (confidence level: 100%)
hash5101	BianLian botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash445	Responder botnet C2 server (confidence level: 50%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash995	QakBot botnet C2 server (confidence level: 50%)
hash3790	Meterpreter botnet C2 server (confidence level: 80%)
hash37853	RedLine Stealer botnet C2 server (confidence level: 100%)
hash53	Cobalt Strike botnet C2 server (confidence level: 100%)
hash19053	RedLine Stealer botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)

Domain

Value	Description	Copy
domainwww.theokanegroup.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainrockpython.xyz	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-3s2hxn8v-1308639534.sh.apigw.tencentcs.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww2.eastus.cloudapp.azure.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww1.allegiancefithealth.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domaindodovdo.store	IRATA botnet C2 domain (confidence level: 100%)
domainsalesthe.xyz	IRATA botnet C2 domain (confidence level: 100%)
domainsahmane.sbs	IRATA botnet C2 domain (confidence level: 100%)
domained.sahmane.sbs	IRATA botnet C2 domain (confidence level: 100%)
domain7desktop.com	Havoc botnet C2 domain (confidence level: 100%)
domain33095-2.whserv.de	Vidar botnet C2 domain (confidence level: 100%)
domainautoconfig.33095-2.whserv.de	Vidar botnet C2 domain (confidence level: 100%)
domainip-89-38-135-11-82867.vps.hosted-by-mvps.net	Vidar botnet C2 domain (confidence level: 100%)
domainlamp.manuelsterner.de	Vidar botnet C2 domain (confidence level: 100%)
domainvpn.manuelsterner.de	Vidar botnet C2 domain (confidence level: 100%)
domainec2-44-200-80-224.compute-1.amazonaws.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domain192-46-232-181.ip.linodeusercontent.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainms17-010.win-x86.zip	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainec2-54-237-14-58.compute-1.amazonaws.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainctrdfg.cloud	IRATA botnet C2 domain (confidence level: 100%)
domaindrnull.pkmqazreza.workers.dev	IRATA botnet C2 domain (confidence level: 100%)
domainpkmqazreza.workers.dev	IRATA botnet C2 domain (confidence level: 100%)
domainpanel.freeddns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domainclients.dnsportal.org	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainec2-3-68-111-52.eu-central-1.compute.amazonaws.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainer.aledlsa.sbs	IRATA botnet C2 domain (confidence level: 100%)
domainaledlsa.sbs	IRATA botnet C2 domain (confidence level: 100%)
domained.sarltma.rest	IRATA botnet C2 domain (confidence level: 100%)
domainsarltma.rest	IRATA botnet C2 domain (confidence level: 100%)
domainiirir.com	IRATA botnet C2 domain (confidence level: 100%)
domainns.manager.moonlighter.space	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainhardcorearrpa.viewdns.net	Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 68359c9a5d5f0974d01e4595

Added to database: 5/27/2025, 11:06:02 AM

Last enriched: 7/5/2025, 11:10:47 PM

Last updated: 8/17/2025, 6:30:22 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2023-11-15

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2023-11-15

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

File

Hash

Domain

Related Threats

ThreatFox IOCs for 2025-08-18

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility