ThreatFox IOCs for 2023-11-20
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related report titled "ThreatFox IOCs for 2023-11-20," sourced from ThreatFox, which is a platform specializing in sharing Indicators of Compromise (IOCs) and threat intelligence. The threat is categorized under "type:osint," indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. There are no affected product versions listed, and no specific Common Weakness Enumerations (CWEs) or patch links are provided. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate distribution but limited analysis depth. No known exploits in the wild have been reported, and no indicators such as IP addresses, hashes, or domains are included. The threat is tagged with "tlp:white," meaning the information is intended for public sharing without restrictions. Overall, this appears to be a collection or update of IOCs related to malware activity as of November 20, 2023, rather than a specific, active exploit or vulnerability. The lack of detailed technical indicators or affected systems suggests this is an intelligence update rather than a direct threat vector.
Potential Impact
Given the nature of the information as a set of IOCs without specific affected products or vulnerabilities, the direct impact on European organizations is limited in this context. However, the dissemination of updated IOCs can aid defenders in identifying and mitigating malware infections or intrusions. If these IOCs correspond to malware campaigns targeting European entities, organizations could face risks such as data exfiltration, system compromise, or disruption depending on the malware's capabilities. Since no known exploits are currently active and no specific systems are identified, the immediate operational impact is low to medium. Nonetheless, failure to incorporate these IOCs into security monitoring tools could result in delayed detection of malware infections, increasing the risk of prolonged compromise. The medium severity rating aligns with the potential for these IOCs to enhance threat detection rather than indicating an active, high-impact threat.
Mitigation Recommendations
To effectively leverage this intelligence, European organizations should integrate the provided IOCs into their security information and event management (SIEM) systems, endpoint detection and response (EDR) tools, and intrusion detection/prevention systems (IDS/IPS). Regularly updating threat intelligence feeds with ThreatFox data can improve detection capabilities. Organizations should conduct targeted threat hunting exercises using these IOCs to identify any latent infections. Additionally, enhancing network segmentation and enforcing strict access controls can limit malware spread if infections are detected. Since no specific vulnerabilities or exploits are identified, patching is not directly applicable here, but maintaining up-to-date software and applying security best practices remain essential. Training security teams to interpret and act on OSINT-derived IOCs will improve response times. Finally, sharing relevant findings with industry Information Sharing and Analysis Centers (ISACs) can help contextualize the threat landscape.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- ip:port: 93.123.85.86:14356
- ip:port: 194.87.191.171:24901
- domain: api.dynabot.top
- url: http://ayranoos.net/
- ip:port: 101.34.222.38:50050
- ip:port: 114.35.162.47:80
- ip:port: 3.127.214.250:2376
- ip:port: 3.121.101.76:443
- sha256_hash: 7cab5be54ea256801ffbb8c5f14bbe8acf8c8edf4b14bec82a8e73f2a22fc229
- sha256_hash: 973915a73886ef408763d305dbe5751d261f7d8830052e41b531967822296537
- sha256_hash: c3a9e6a732a84fe4b81b1baeae069ec493e06318fcd5e64292f1ff6cb1f1caa9
- sha256_hash: 5d2eacac07062b0fa317c0e09cabbbcedb06a57cb0a4f083f25c8c6225c06210
- sha256_hash: 3443a6f35fe0a67eca82926719dead31ba13da6d4e261fb90d61fd9e6a393a3a
- sha256_hash: 7aba840cab8eb7550f125127b2cd2de247dcdee330588f05dfcf5d54951dbb3a
- md5_hash: e27a6a678d2a3391d3dedd7f6b5bcffe
- md5_hash: 45d298d77388b0ed1c4e8c3a606372b4
- md5_hash: e8d1dba8557e9cc05e776c98cb1d4487
- md5_hash: 9c05241bbb97adcfe928b71aa750a842
- md5_hash: 601c0ef164e21c0054ee508459aca013
- md5_hash: c0234b268d9360134d50230bc76f2ed8
- sha256_hash: b1cf78b086b1611faa31eba09b1e1e4be9fe1d0b48445e961160936c968688b2
- sha256_hash: 2f79ba5506bd211b452481a3c2047d2ccda8b44e73e191649b42844e0bad4108
- sha256_hash: 4d702d443ed2aeac60ed77f6fe48c2b7356dee10b2e5e2691da85945d7e72688
- sha256_hash: 66b2be1da3c7546f6356f0017c07bbe9733a42c4ed06ada7c61a75d7200cb02e
- sha256_hash: 730862de1bb846e0effbe03dfe0e52ec2dc72f61c384fcf760c5a4e519999118
- sha256_hash: 17d001badc91a8e6fa10766ed9e0d779c7acbb97f1b41582ab073e217e96cfbc
- sha256_hash: 0cb96aa4ef5e80a0bc1bb1fe2ac92e137d80aa42674b62a3e62d32b06cf8109b
- md5_hash: 87519074d04e8a2e308a57c78bc26a96
- md5_hash: 76c144719369a2c045233e9adefccdab
- md5_hash: 013814a7b0cbe71c53959ceda800b850
- md5_hash: 37db4fb67e3dec1f7798547dbfa7335c
- md5_hash: 9764064fe0987903056d5aae34dbd162
- md5_hash: 5060438df06671415a6f2e614405420b
- md5_hash: 212b9c30e66bcdbe07c8e03cfea2f504
- domain: sdt.fartit.com
- domain: sst.fartit.com
- domain: ssn.fartit.com
- domain: ssj.fartit.com
- domain: ssv.fartit.com
- domain: scv.fartit.com
- domain: ssf.fartit.com
- domain: ssc.fartit.com
- domain: shc.fartit.com
- domain: shf.fartit.com
- domain: scm.dns05.com
- domain: rdc.dns05.com
- domain: fbc.dns05.com
- domain: smf.dns05.com
- domain: smc.dns05.com
- domain: fca.dns05.com
- url: http://sdt.fartit.com/saham.apk
- url: http://sst.fartit.com/app.apk
- url: http://ssn.fartit.com/app.apk
- url: http://ssj.fartit.com/app.apk
- url: http://ssv.fartit.com/app.apk
- url: http://scv.fartit.com/app.apk
- url: http://ssc.fartit.com/app.apk
- url: http://ssf.fartit.com/app.apk
- url: http://shc.fartit.com/app.apk
- url: http://shf.fartit.com/app.apk
- url: https://scm.dns05.com/saham.apk
- url: http://rdc.dns05.com/saham.apk
- url: http://fbc.dns05.com/saham.apk
- url: https://smf.dns05.com/saham.apk
- url: https://fca.dns05.com/saham.apk
- url: https://smc.dns05.com/saham.apk
- ip:port: 198.12.88.135:80
- ip:port: 198.12.88.135:443
- ip:port: 91.92.254.87:1606
- ip:port: 43.249.9.208:80
- ip:port: 103.35.190.33:31337
- ip:port: 103.35.190.33:8080
- ip:port: 83.97.20.136:7443
- ip:port: 157.245.48.209:443
- ip:port: 79.133.183.84:443
- ip:port: 176.126.113.164:80
- ip:port: 212.71.238.198:80
- ip:port: 77.91.101.173:443
- ip:port: 161.142.98.51:995
- ip:port: 154.246.62.35:993
- ip:port: 176.44.90.218:995
- ip:port: 75.173.60.146:443
- ip:port: 124.223.38.97:8888
- ip:port: 8.130.34.53:8888
- url: http://5.182.86.156/eternalpipesqltrackcdn.php
- url: http://atillapro.com/vsdjcn3khs/login.php
- url: http://5.42.66.9/vsdjcn3khs/login.php
- url: http://69.197.161.106/g9sdjscv2/login.php
- ip:port: 165.154.233.32:1024
- ip:port: 185.189.241.159:443
- ip:port: 175.27.191.226:443
- ip:port: 185.189.241.186:443
- ip:port: 34.92.77.165:443
- ip:port: 13.208.47.9:53
- ip:port: 109.123.230.56:80
- ip:port: 34.92.30.54:80
- ip:port: 185.189.241.208:53
- ip:port: 185.189.241.155:53
- ip:port: 45.74.6.148:8443
- ip:port: 175.27.191.226:80
- ip:port: 185.189.241.186:53
- ip:port: 185.189.241.159:53
- ip:port: 45.86.162.190:80
- ip:port: 175.27.191.226:21
- ip:port: 45.67.230.185:443
- ip:port: 203.69.170.86:443
- ip:port: 16.163.142.128:80
- ip:port: 185.189.241.208:8080
- ip:port: 185.189.241.155:8080
- ip:port: 45.74.6.188:21
- ip:port: 35.77.99.82:80
- ip:port: 112.121.187.179:12345
- ip:port: 154.204.24.244:65000
- ip:port: 13.115.129.191:8080
- ip:port: 43.230.161.205:12345
- ip:port: 45.67.230.185:80
- ip:port: 203.69.170.86:80
- ip:port: 203.69.170.86:21
- ip:port: 167.179.98.155:80
- url: http://0-9u210edu12j-dj-1.xyz/g9smksxla/login.php
- url: http://185.196.8.176/7jshasds/login.php
- url: http://167.235.20.126/bjdm32dp/login.php
- url: http://193.42.33.7/mbsdvj3/login.php
- url: http://77.91.97.162/g93kdwj3s/login.php
- url: http://kbond2024.org/g9sdjscv2/login.php
- ip:port: 103.97.176.121:8080
- ip:port: 154.7.64.210:44444
- ip:port: 95.174.24.213:443
- ip:port: 91.92.242.192:54357
- ip:port: 91.92.242.85:4285
- ip:port: 79.137.205.179:80
- ip:port: 101.132.186.224:80
- url: http://barbecueappledos.pw/api
- url: http://terninadeshi.pw/api
- url: http://proogreso.pw/api
- url: http://sensfixlook.pw/api
- url: http://bloockflad.pw/api
- ip:port: 172.203.240.179:80
- url: http://139.9.186.196/j.ad
- ip:port: 82.64.87.168:54984
- url: https://198.46.143.110/__utm.gif
- ip:port: 198.46.143.110:443
- url: https://142.93.2.25:10026/contact/v9.23/aodfy6x8uv
- url: http://47.113.204.90:8080/activity
- url: https://18.185.64.250/ga.js
- ip:port: 3.121.109.215:443
- url: http://43.249.9.208/dot.gif
- url: http://185.172.128.19/ghsdh39s/login.php
- ip:port: 172.93.217.218:2404
- domain: ns.controlcavi.com
- url: http://47.94.221.227/updates.rss
- domain: dns31.starbucksvip.com
- domain: dns32.starbucksvip.com
- ip:port: 47.101.148.200:53
- url: http://103.39.78.153:8080/pixel
- url: http://redteam.tandemcyberops.co/fwlink
- url: http://192.144.231.110/visit.js
- url: http://content.microsoft.com.w.kunlunca.com/cx
- url: http://121.40.66.171:85/__utm.gif
- url: http://182.43.71.62:8888/dpixel
- url: https://121.40.66.171/cx
- url: http://gravellyroadhunge.pw/api
- ip:port: 77.105.139.229:3790
- url: https://gpksanfrancisco.com/cdn-vs/get.php
- url: https://gpksanfrancisco.com/cache/qzwewmrqqgqnaww.php
- url: https://forumsecrets.com/getimagedata.php
- ip:port: 194.135.104.211:3790
- url: http://121.37.214.255/push
- url: http://213.226.123.124/cm
- url: http://85.209.11.131/dot.gif
- url: http://43.249.9.208/__utm.gif
- ip:port: 43.249.9.208:443
- url: http://47.95.37.191/j.ad
- url: http://16.163.101.10:2052/jquery-3.3.1.min.js
- url: http://182.92.216.47/ptj
- ip:port: 67.223.117.90:80
- ip:port: 196.200.131.2:53
- ip:port: 178.208.87.112:443
- ip:port: 172.86.75.10:443
- ip:port: 107.150.18.101:1604
- ip:port: 38.54.84.31:80
- ip:port: 158.247.253.206:443
- ip:port: 103.56.19.158:993
- ip:port: 209.58.190.167:32443
- ip:port: 103.97.176.121:443
- ip:port: 103.97.176.121:80
- ip:port: 207.148.120.140:80
- ip:port: 207.148.120.140:443
- ip:port: 207.148.120.140:995
- ip:port: 158.247.202.188:993
- ip:port: 37.187.122.227:53
- ip:port: 51.159.66.125:53
- ip:port: 1.120.227.126:4449
- ip:port: 103.149.201.161:6106
- ip:port: 103.233.253.8:8801
- ip:port: 103.82.38.49:4449
- ip:port: 104.168.24.201:2345
- ip:port: 121.62.23.38:5555
- ip:port: 124.248.66.136:4449
- ip:port: 124.248.66.143:4449
- ip:port: 124.248.66.148:4449
- ip:port: 124.248.66.154:4449
- ip:port: 129.226.175.203:7771
- ip:port: 138.199.21.208:4449
- ip:port: 147.185.221.16:47793
- ip:port: 147.185.221.16:57444
- ip:port: 154.221.25.208:8848
- ip:port: 16.170.222.231:13044
- ip:port: 167.71.56.116:22863
- ip:port: 172.111.138.100:4447
- ip:port: 172.234.16.71:6606
- ip:port: 172.234.16.71:7707
- ip:port: 172.234.16.71:8808
- ip:port: 185.221.67.19:18883
- ip:port: 185.221.67.19:4449
- ip:port: 198.37.108.208:5555
- ip:port: 198.44.165.35:6602
- ip:port: 198.44.165.35:8802
- ip:port: 198.44.165.77:6105
- ip:port: 199.36.223.62:52364
- ip:port: 199.36.223.62:8848
- ip:port: 20.201.123.99:30120
- ip:port: 24.254.118.248:4449
- ip:port: 4.229.227.81:8080
- ip:port: 4.229.227.81:8081
- ip:port: 45.138.16.87:998
- ip:port: 46.1.103.69:9371
- ip:port: 65.21.8.16:4449
- ip:port: 79.134.225.113:9346
- ip:port: 91.107.228.216:4449
- ip:port: 82.117.253.136:2351
- domain: 12tainss1s.xyz
- domain: 474ba67bdb289c6263b36dfd8.xyz
- domain: aaarr43.duckdns.org
- domain: amm.mine.nu
- domain: asdvua78v8ed4t6fhvha.cn
- domain: asfyvisoeogtca3.fun
- domain: bendicionesoctubre.ddnsguru.com
- domain: best-recycling.gl.at.ply.gg
- domain: bloxstrap.theworkpc.com
- domain: bollon8.kozow.com
- domain: dcemprendimiento.duckdns.org
- domain: dkteamfix.webhop.net
- domain: dool.ddns.net
- domain: drippmedsot.mywire.org
- domain: envio2023asy.bumbleshrimp.com
- domain: erouhisugvizi4.cn
- domain: exrobotos.duckdns.org
- domain: extra-hack.ddns.net
- domain: foodie.ooguy.com
- domain: forlatinamerica.bumbleshrimp.com
- domain: hmza.con-ip.com
- domain: itskmc.run.place
- domain: jauan2023.kozow.com
- domain: jobsearchtest.com
- domain: knowledge-variance.gl.at.ply.gg
- domain: l11ol12s.sells-it.net
- domain: lesson.webredirect.org
- domain: lila152512.duckdns.org
- domain: lol1112s.sells-it.net
- domain: loveisthegreatest.ddnsfree.com
- domain: microwsfp5555.ddns.net
- domain: mloptuytonroyem.sytes.net
- domain: modyforeditor.loseyourip.com
- domain: new22.vpndns.net
- domain: newjakodns.con-ip.com
- domain: nsairoet.kozow.com
- domain: pacman.dontexist.org
- domain: rxrr.duckdns.org
- domain: saofidubixo4r.top
- domain: sdhvvy7vbysuxnvjdr6gtd64.com
- domain: sen3tors.linkpc.net
- domain: shady-mo.duckdns.org
- domain: taaymhost.ddns.net
- domain: w3llstore.work.gd
- domain: webazssc.sytes.net
- domain: webazsswebc.sytes.net
- domain: webwdircetcc.sytes.net
- domain: webwsetcc.sytes.net
- domain: windowsignn.theworkpc.com
- domain: yaper.dynuddns.net
- ip:port: 91.92.242.229:443
- url: https://95.217.244.44/
- url: https://65.108.152.136/
- url: https://195.201.46.42/
- ip:port: 95.217.244.44:443
- ip:port: 65.108.152.136:443
- ip:port: 195.201.46.42:443
- ip:port: 109.99.113.208:4782
- ip:port: 135.181.11.41:2424
- ip:port: 167.71.56.116:22112
- ip:port: 178.254.32.61:4782
- ip:port: 192.160.0.65:5040
- ip:port: 193.42.33.210:4444
- ip:port: 201.79.229.55:1000
- ip:port: 37.1.207.27:222
- ip:port: 43.135.4.224:4789
- ip:port: 45.148.244.83:7752
- ip:port: 45.61.128.77:5552
- ip:port: 54.94.248.37:16018
- ip:port: 8.134.72.167:8808
- domain: action-list.gl.at.ply.gg
- domain: alex123123123141-56619.portmap.host
- domain: alibabash.ddns.net
- domain: allah420.ddns.net
- domain: an-volunteer.gl.at.ply.gg
- domain: awoware.ddns.net
- domain: berlinqua.duckdns.org
- domain: bitra12.duckdns.org
- domain: boogerbreath-59460.portmap.host
- domain: com-overhead.gl.at.ply.gg
- domain: dance-civilization.gl.at.ply.gg
- domain: dng.dns05.com
- domain: dng05vpn.v4.softether.net
- domain: donbaguette-43001.portmap.io
- domain: douzi.my-wan.de
- domain: everyone-substantially.gl.at.ply.gg
- domain: fragrant-pine-29547.pktriot.net
- domain: frosty-wind-77851.pktriot.net
- domain: frp.deitie.asia
- domain: input-helps.gl.at.ply.gg
- domain: japanese-youth.gl.at.ply.gg
- domain: johndoenut-37242.portmap.host
- domain: kids-reported.gl.at.ply.gg
- domain: memet.ddns.net
- domain: mercurial6969-64808.portmap.host
- domain: message-pockets.gl.at.ply.gg
- domain: microsoft-virtualpc.duckdns.org
- domain: okaa0-35095.portmap.host
- domain: okaa0-51499.portmap.host
- domain: opportunity-pillow.gl.at.ply.gg
- domain: scambaiting2022.ddns.net
- domain: schools-softball.gl.at.ply.gg
- domain: serverlolxd.ddns.net
- domain: short-shortly.gl.at.ply.gg
- domain: throbbing-mountain-09011.pktriot.net
- domain: tsxrkj.synology.me
- domain: visoxd-63447.portmap.host
- domain: voicia-net.ddns.net
- domain: without-sure.gl.at.ply.gg
- domain: youtubevideos.duckdns.org
- domain: zeroski.ink
- ip:port: 209.127.186.232:4765
- ip:port: 147.185.221.16:18915
- ip:port: 147.185.221.16:40164
- ip:port: 147.185.221.16:49975
- ip:port: 15.228.35.69:5000
- ip:port: 172.177.19.106:7000
- ip:port: 188.148.105.135:2112
- ip:port: 35.220.199.19:7000
- ip:port: 54.90.216.100:7001
- ip:port: 62.233.57.160:6789
- domain: 2freshinxworm2.ddns.net
- domain: antilol2113-61842.portmap.host
- domain: case-defines.gl.at.ply.gg
- domain: dizzywizzy-61490.portmap.host
- domain: espadadz.ddns.net
- domain: f8terat.ddns.net
- domain: federal-true.gl.at.ply.gg
- domain: fl-distributions.gl.at.ply.gg
- domain: functions-screensavers.gl.at.ply.gg
- domain: garden-event.at.ply.gg
- domain: goheg99417-59409.portmap.host
- domain: graxe239-61522.portmap.host
- domain: having-nevertheless.gl.at.ply.gg
- domain: juandice-60636.portmap.io
- domain: kriz-nas.ddnss.de
- domain: lead-selections.gl.at.ply.gg
- domain: m0ney7.ddns.net
- domain: media-specified.gl.at.ply.gg
- domain: menu-webcam.gl.at.ply.gg
- domain: normanisback.com
- domain: notfishvr55-32209.portmap.host
- domain: okaa0-25007.portmap.host
- domain: okaa0-35095.portmap.host
- domain: partner-juice.gl.at.ply.gg
- domain: q-grounds.gl.at.ply.gg
- domain: raven123.ddnsgeek.com
- domain: reference-tokyo.at.ply.gg
- domain: registered-dt.at.ply.gg
- domain: releases-photos.at.ply.gg
- domain: shows-brussels.gl.at.ply.gg
- domain: size-bills.at.ply.gg
- domain: tarekfr77-41254.portmap.host
- domain: tcxerr.duckdns.org
- ip:port: 109.107.178.106:1604
- url: http://124.222.14.232:28080/jquery-3.3.1.min.js
- domain: ns18.clsr.ca
- url: http://101.43.96.246/updates.rss
- url: http://loodwork.fun/api
- url: http://revivalsecularas.pw/api
- url: http://interplaychoske.pw/api
- ip:port: 4.227.189.107:7443
- ip:port: 112.3.30.170:10250
- ip:port: 139.28.36.5:443
- ip:port: 147.182.146.29:445
- ip:port: 90.4.184.29:2222
- ip:port: 188.161.234.48:443
- ip:port: 102.156.106.202:443
- ip:port: 197.26.188.179:443
- ip:port: 154.246.62.35:995
- ip:port: 154.246.62.35:2078
- ip:port: 59.88.27.148:993
- ip:port: 43.153.207.85:8888
- ip:port: 54.233.162.122:80
- domain: update.mis.charitykp.info
- domain: check.mis.charitykp.info
- domain: login.mis.charitykp.info
- domain: loodwork.fun
- ip:port: 154.26.157.48:55615
- ip:port: 185.215.113.61:16034
- url: http://bookgames.pw/api
- url: http://154.213.17.132:999/ptj
- ip:port: 154.213.17.174:999
- url: https://43.156.2.29/owa/
- ip:port: 43.156.2.29:443
- url: https://95.85.73.13/__utm.gif
- ip:port: 95.85.73.13:443
- url: https://baywatchrent.fr/doihn12ijok21.php?id=1
- url: https://hangdrums.fr/pofoiwjeniofj12.php?id=1
- url: https://mon-carnet-de-sante.fr/pqoicjein2.php?id=1
- url: https://ocube-consulting.fr/ofiuewq20o1.php?id=1
- url: https://supportlights.com/customerresources
- url: https://supportlights.com/appropriate
- url: https://cdn.discordapp.com/attachments/1170771441797566586/1174334633442291753/ccleaner.zip
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 01c7fe7b-758c-4643-9255-b361f396bb80
- Original Timestamp: 1700524986
Indicators of Compromise
IP address
Value | Description
---|---
93.123.85.86 | Mirai botnet C2 server (confidence level: 75%)
194.87.191.171 | RedLine Stealer botnet C2 server (confidence level: 100%)
101.34.222.38 | Cobalt Strike botnet C2 server (confidence level: 80%)
114.35.162.47 | Unknown malware botnet C2 server (confidence level: 80%)
3.127.214.250 | Sliver botnet C2 server (confidence level: 80%)
3.121.101.76 | Cobalt Strike botnet C2 server (confidence level: 80%)
198.12.88.135 | IRATA payload delivery server (confidence level: 100%)
198.12.88.135 | IRATA payload delivery server (confidence level: 100%)
91.92.254.87 | Remcos botnet C2 server (confidence level: 75%)
43.249.9.208 | Cobalt Strike botnet C2 server (confidence level: 80%)
103.35.190.33 | Sliver botnet C2 server (confidence level: 50%)
103.35.190.33 | Sliver botnet C2 server (confidence level: 50%)
83.97.20.136 | Unknown malware botnet C2 server (confidence level: 50%)
157.245.48.209 | BianLian botnet C2 server (confidence level: 50%)
79.133.183.84 | Havoc botnet C2 server (confidence level: 50%)
176.126.113.164 | Havoc botnet C2 server (confidence level: 50%)
212.71.238.198 | Havoc botnet C2 server (confidence level: 50%)
77.91.101.173 | pupy botnet C2 server (confidence level: 50%)
161.142.98.51 | QakBot botnet C2 server (confidence level: 50%)
154.246.62.35 | QakBot botnet C2 server (confidence level: 50%)
176.44.90.218 | QakBot botnet C2 server (confidence level: 50%)
75.173.60.146 | QakBot botnet C2 server (confidence level: 50%)
124.223.38.97 | Unknown malware botnet C2 server (confidence level: 50%)
8.130.34.53 | Unknown malware botnet C2 server (confidence level: 50%)
165.154.233.32 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.159 | ShadowPad botnet C2 server (confidence level: 100%)
175.27.191.226 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.186 | ShadowPad botnet C2 server (confidence level: 100%)
34.92.77.165 | ShadowPad botnet C2 server (confidence level: 100%)
13.208.47.9 | ShadowPad botnet C2 server (confidence level: 100%)
109.123.230.56 | ShadowPad botnet C2 server (confidence level: 100%)
34.92.30.54 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.208 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.155 | ShadowPad botnet C2 server (confidence level: 100%)
45.74.6.148 | ShadowPad botnet C2 server (confidence level: 100%)
175.27.191.226 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.186 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.159 | ShadowPad botnet C2 server (confidence level: 100%)
45.86.162.190 | ShadowPad botnet C2 server (confidence level: 100%)
175.27.191.226 | ShadowPad botnet C2 server (confidence level: 100%)
45.67.230.185 | ShadowPad botnet C2 server (confidence level: 100%)
203.69.170.86 | ShadowPad botnet C2 server (confidence level: 100%)
16.163.142.128 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.208 | ShadowPad botnet C2 server (confidence level: 100%)
185.189.241.155 | ShadowPad botnet C2 server (confidence level: 100%)
45.74.6.188 | ShadowPad botnet C2 server (confidence level: 100%)
35.77.99.82 | ShadowPad botnet C2 server (confidence level: 100%)
112.121.187.179 | ShadowPad botnet C2 server (confidence level: 100%)
154.204.24.244 | ShadowPad botnet C2 server (confidence level: 100%)
13.115.129.191 | ShadowPad botnet C2 server (confidence level: 100%)
43.230.161.205 | ShadowPad botnet C2 server (confidence level: 100%)
45.67.230.185 | ShadowPad botnet C2 server (confidence level: 100%)
203.69.170.86 | ShadowPad botnet C2 server (confidence level: 100%)
203.69.170.86 | ShadowPad botnet C2 server (confidence level: 100%)
167.179.98.155 | ShadowPad botnet C2 server (confidence level: 100%)
103.97.176.121 | ShadowPad botnet C2 server (confidence level: 100%)
154.7.64.210 | ShadowPad botnet C2 server (confidence level: 100%)
95.174.24.213 | ShadowPad botnet C2 server (confidence level: 100%)
91.92.242.192 | Nanocore RAT botnet C2 server (confidence level: 100%)
91.92.242.85 | Remcos botnet C2 server (confidence level: 75%)
79.137.205.179 | Meduza Stealer botnet C2 server (confidence level: 50%)
101.132.186.224 | Cobalt Strike botnet C2 server (confidence level: 80%)
172.203.240.179 | Cobalt Strike botnet C2 server (confidence level: 80%)
82.64.87.168 | Nanocore RAT botnet C2 server (confidence level: 80%)
198.46.143.110 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.121.109.215 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.93.217.218 | Remcos botnet C2 server (confidence level: 75%)
47.101.148.200 | Cobalt Strike botnet C2 server (confidence level: 100%)
77.105.139.229 | Meterpreter botnet C2 server (confidence level: 80%)
194.135.104.211 | Meterpreter botnet C2 server (confidence level: 80%)
43.249.9.208 | Cobalt Strike botnet C2 server (confidence level: 100%)
67.223.117.90 | SharkBot botnet C2 server (confidence level: 75%)
196.200.131.2 | Xtreme RAT botnet C2 server (confidence level: 80%)
178.208.87.112 | IcedID botnet C2 server (confidence level: 60%)
172.86.75.10 | IcedID botnet C2 server (confidence level: 60%)
107.150.18.101 | Remcos botnet C2 server (confidence level: 75%)
38.54.84.31 | ShadowPad botnet C2 server (confidence level: 50%)
158.247.253.206 | ShadowPad botnet C2 server (confidence level: 50%)
103.56.19.158 | ShadowPad botnet C2 server (confidence level: 50%)
209.58.190.167 | ShadowPad botnet C2 server (confidence level: 50%)
103.97.176.121 | ShadowPad botnet C2 server (confidence level: 50%)
103.97.176.121 | ShadowPad botnet C2 server (confidence level: 50%)
207.148.120.140 | ShadowPad botnet C2 server (confidence level: 50%)
207.148.120.140 | ShadowPad botnet C2 server (confidence level: 50%)
207.148.120.140 | ShadowPad botnet C2 server (confidence level: 50%)
158.247.202.188 | ShadowPad botnet C2 server (confidence level: 50%)
37.187.122.227 | Socks5 Systemz botnet C2 server (confidence level: 100%)
51.159.66.125 | Socks5 Systemz botnet C2 server (confidence level: 100%)
1.120.227.126 | AsyncRAT botnet C2 server (confidence level: 100%)
103.149.201.161 | AsyncRAT botnet C2 server (confidence level: 100%)
103.233.253.8 | AsyncRAT botnet C2 server (confidence level: 100%)
103.82.38.49 | AsyncRAT botnet C2 server (confidence level: 100%)
104.168.24.201 | AsyncRAT botnet C2 server (confidence level: 100%)
121.62.23.38 | AsyncRAT botnet C2 server (confidence level: 100%)
124.248.66.136 | AsyncRAT botnet C2 server (confidence level: 100%)
124.248.66.143 | AsyncRAT botnet C2 server (confidence level: 100%)
124.248.66.148 | AsyncRAT botnet C2 server (confidence level: 100%)
124.248.66.154 | AsyncRAT botnet C2 server (confidence level: 100%)
129.226.175.203 | AsyncRAT botnet C2 server (confidence level: 100%)
138.199.21.208 | AsyncRAT botnet C2 server (confidence level: 100%)
147.185.221.16 | AsyncRAT botnet C2 server (confidence level: 100%)
147.185.221.16 | AsyncRAT botnet C2 server (confidence level: 100%)
154.221.25.208 | AsyncRAT botnet C2 server (confidence level: 100%)
16.170.222.231 | AsyncRAT botnet C2 server (confidence level: 100%)
167.71.56.116 | AsyncRAT botnet C2 server (confidence level: 100%)
172.111.138.100 | AsyncRAT botnet C2 server (confidence level: 100%)
172.234.16.71 | AsyncRAT botnet C2 server (confidence level: 100%)
172.234.16.71 | AsyncRAT botnet C2 server (confidence level: 100%)
172.234.16.71 | AsyncRAT botnet C2 server (confidence level: 100%)
185.221.67.19 | AsyncRAT botnet C2 server (confidence level: 100%)
185.221.67.19 | AsyncRAT botnet C2 server (confidence level: 100%)
198.37.108.208 | AsyncRAT botnet C2 server (confidence level: 100%)
198.44.165.35 | AsyncRAT botnet C2 server (confidence level: 100%)
198.44.165.35 | AsyncRAT botnet C2 server (confidence level: 100%)
198.44.165.77 | AsyncRAT botnet C2 server (confidence level: 100%)
199.36.223.62 | AsyncRAT botnet C2 server (confidence level: 100%)
199.36.223.62 | AsyncRAT botnet C2 server (confidence level: 100%)
20.201.123.99 | AsyncRAT botnet C2 server (confidence level: 100%)
24.254.118.248 | AsyncRAT botnet C2 server (confidence level: 100%)
4.229.227.81 | AsyncRAT botnet C2 server (confidence level: 100%)
4.229.227.81 | AsyncRAT botnet C2 server (confidence level: 100%)
45.138.16.87 | AsyncRAT botnet C2 server (confidence level: 100%)
46.1.103.69 | AsyncRAT botnet C2 server (confidence level: 100%)
65.21.8.16 | AsyncRAT botnet C2 server (confidence level: 100%)
79.134.225.113 | AsyncRAT botnet C2 server (confidence level: 100%)
91.107.228.216 | AsyncRAT botnet C2 server (confidence level: 100%)
82.117.253.136 | DarkGate botnet C2 server (confidence level: 100%)
91.92.242.229 | NetSupportManager RAT botnet C2 server (confidence level: 75%)
95.217.244.44 | Vidar botnet C2 server (confidence level: 100%)
65.108.152.136 | Vidar botnet C2 server (confidence level: 100%)
195.201.46.42 | Vidar botnet C2 server (confidence level: 100%)
109.99.113.208 | Quasar RAT botnet C2 server (confidence level: 100%)
135.181.11.41 | Quasar RAT botnet C2 server (confidence level: 100%)
167.71.56.116 | Quasar RAT botnet C2 server (confidence level: 100%)
178.254.32.61 | Quasar RAT botnet C2 server (confidence level: 100%)
192.160.0.65 | Quasar RAT botnet C2 server (confidence level: 100%)
193.42.33.210 | Quasar RAT botnet C2 server (confidence level: 100%)
201.79.229.55 | Quasar RAT botnet C2 server (confidence level: 100%)
37.1.207.27 | Quasar RAT botnet C2 server (confidence level: 100%)
43.135.4.224 | Quasar RAT botnet C2 server (confidence level: 100%)
45.148.244.83 | Quasar RAT botnet C2 server (confidence level: 100%)
45.61.128.77 | Quasar RAT botnet C2 server (confidence level: 100%)
54.94.248.37 | Quasar RAT botnet C2 server (confidence level: 100%)
8.134.72.167 | Quasar RAT botnet C2 server (confidence level: 100%)
209.127.186.232 | Remcos botnet C2 server (confidence level: 75%)
147.185.221.16 | XWorm botnet C2 server (confidence level: 50%)
147.185.221.16 | XWorm botnet C2 server (confidence level: 50%)
file147.185.221.16 | XWorm botnet C2 server (confidence level: 50%) | |
file15.228.35.69 | XWorm botnet C2 server (confidence level: 50%) | |
file172.177.19.106 | XWorm botnet C2 server (confidence level: 50%) | |
file188.148.105.135 | XWorm botnet C2 server (confidence level: 50%) | |
file35.220.199.19 | XWorm botnet C2 server (confidence level: 50%) | |
file54.90.216.100 | XWorm botnet C2 server (confidence level: 50%) | |
file62.233.57.160 | XWorm botnet C2 server (confidence level: 50%) | |
file109.107.178.106 | DarkComet botnet C2 server (confidence level: 80%) | |
file4.227.189.107 | Unknown malware botnet C2 server (confidence level: 50%) | |
file112.3.30.170 | Deimos botnet C2 server (confidence level: 50%) | |
file139.28.36.5 | Havoc botnet C2 server (confidence level: 50%) | |
file147.182.146.29 | Responder botnet C2 server (confidence level: 50%) | |
file90.4.184.29 | QakBot botnet C2 server (confidence level: 50%) | |
file188.161.234.48 | QakBot botnet C2 server (confidence level: 50%) | |
file102.156.106.202 | QakBot botnet C2 server (confidence level: 50%) | |
file197.26.188.179 | QakBot botnet C2 server (confidence level: 50%) | |
file154.246.62.35 | QakBot botnet C2 server (confidence level: 50%) | |
file154.246.62.35 | QakBot botnet C2 server (confidence level: 50%) | |
file59.88.27.148 | QakBot botnet C2 server (confidence level: 50%) | |
file43.153.207.85 | Unknown malware botnet C2 server (confidence level: 50%) | |
file54.233.162.122 | Unknown malware botnet C2 server (confidence level: 80%) | |
file154.26.157.48 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file185.215.113.61 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file154.213.17.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.156.2.29 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.85.73.13 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Hash
Domain
Url
Value | Description | Copy |
---|---|---|
http://ayranoos.net/ | Hydra botnet C2 (confidence level: 100%) | |
http://sdt.fartit.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://sst.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://ssn.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://ssj.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://ssv.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://scv.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://ssc.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://ssf.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://shc.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://shf.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://scm.dns05.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://rdc.dns05.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://fbc.dns05.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://smf.dns05.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://fca.dns05.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://smc.dns05.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://5.182.86.156/eternalpipesqltrackcdn.php | DCRat botnet C2 (confidence level: 100%) | |
http://atillapro.com/vsdjcn3khs/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://5.42.66.9/vsdjcn3khs/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://69.197.161.106/g9sdjscv2/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://0-9u210edu12j-dj-1.xyz/g9smksxla/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://185.196.8.176/7jshasds/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://167.235.20.126/bjdm32dp/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://193.42.33.7/mbsdvj3/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://77.91.97.162/g93kdwj3s/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://kbond2024.org/g9sdjscv2/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://barbecueappledos.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://terninadeshi.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://proogreso.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://sensfixlook.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://bloockflad.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://139.9.186.196/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://198.46.143.110/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://142.93.2.25:10026/contact/v9.23/aodfy6x8uv | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.113.204.90:8080/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://18.185.64.250/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://43.249.9.208/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://185.172.128.19/ghsdh39s/login.php | Amadey botnet C2 (confidence level: 100%) | |
http://47.94.221.227/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://103.39.78.153:8080/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://redteam.tandemcyberops.co/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://192.144.231.110/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://content.microsoft.com.w.kunlunca.com/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://121.40.66.171:85/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://182.43.71.62:8888/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://121.40.66.171/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://gravellyroadhunge.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://gpksanfrancisco.com/cdn-vs/get.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
https://gpksanfrancisco.com/cache/qzwewmrqqgqnaww.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
https://forumsecrets.com/getimagedata.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
http://121.37.214.255/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://213.226.123.124/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://85.209.11.131/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://43.249.9.208/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.95.37.191/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://16.163.101.10:2052/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://182.92.216.47/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://95.217.244.44/ | Vidar botnet C2 (confidence level: 100%) | |
https://65.108.152.136/ | Vidar botnet C2 (confidence level: 100%) | |
https://195.201.46.42/ | Vidar botnet C2 (confidence level: 100%) | |
http://124.222.14.232:28080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://101.43.96.246/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://loodwork.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://revivalsecularas.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://interplaychoske.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://bookgames.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://154.213.17.132:999/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://43.156.2.29/owa/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://95.85.73.13/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://baywatchrent.fr/doihn12ijok21.php?id=1 | WikiLoader botnet C2 (confidence level: 100%) | |
https://hangdrums.fr/pofoiwjeniofj12.php?id=1 | WikiLoader botnet C2 (confidence level: 100%) | |
https://mon-carnet-de-sante.fr/pqoicjein2.php?id=1 | WikiLoader botnet C2 (confidence level: 100%) | |
https://ocube-consulting.fr/ofiuewq20o1.php?id=1 | WikiLoader botnet C2 (confidence level: 100%) | |
https://supportlights.com/customerresources | WikiLoader payload delivery URL (confidence level: 100%) | |
https://supportlights.com/appropriate | WikiLoader payload delivery URL (confidence level: 100%) | |
https://cdn.discordapp.com/attachments/1170771441797566586/1174334633442291753/ccleaner.zip | WikiLoader payload delivery URL (confidence level: 100%) | |
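The Domain and URL tables above carry everything a matcher needs: the indicator, the malware family, whether it is a C2 or a payload-delivery endpoint, and a confidence figure. The following Python is an added example written for this page; it is not ThreatFox code and not part of the original report. It parses rows in the tables' `value | family role (confidence level: N%) | |` layout, builds a URL index and a host index, and runs both over proxy log lines. The IOC rows embedded in it are a subset copied from the tables above; the log-line layout, the client addresses, the benign requests and the `SHARED_HOSTS` list are constructed assumptions, and dropping the query string when comparing URLs is a design choice of the example, not something the page states.

```python
"""Added example (editor-written; neither ThreatFox code nor part of the original
page): parse rows in the tables' '<value> | <family> <role> (confidence level: N%)'
layout, index them, and match proxy log lines. The log layout, SHARED_HOSTS and
the query-string handling are assumptions, not taken from the page."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# One table row; the family group is lazy so that "Lumma Stealer" stays whole.
ROW_RE = re.compile(
    r"^\s*(?P<value>\S+)\s*\|\s*(?P<family>.+?)\s+"
    r"(?P<role>botnet C2(?: domain)?|payload delivery URL)"
    r"\s*\(confidence level:\s*(?P<conf>\d+)%\)"
)
# Hosts shared with legitimate traffic: index the exact IOC URL, never the host.
SHARED_HOSTS = {"cdn.discordapp.com"}  # constructed list; extend per environment

@dataclass(frozen=True)
class Ioc:
    ioc_type: str  # "domain" or "url"
    value: str
    family: str
    role: str
    confidence: int

def parse_rows(text):
    """Turn table rows into Ioc records; lines that are not rows are skipped."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            kind = "url" if "://" in m["value"] else "domain"
            iocs.append(Ioc(kind, m["value"], m["family"], m["role"], int(m["conf"])))
    return iocs

def url_key(url):
    """Normalise to (host, port, path). The query string is dropped on purpose:
    C2 URLs such as '...php?id=1' vary the id per victim."""
    p = urlsplit(url.strip())
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.hostname or "").lower(), port, p.path or "/"

def _keep_highest(index, key, ioc):
    # Several rows can map to one key (loodwork.fun: 50% domain, 100% URL).
    cur = index.get(key)
    if cur is None or ioc.confidence > cur.confidence:
        index[key] = ioc

def build_index(iocs):
    by_url, by_host = {}, {}
    for ioc in iocs:
        if ioc.ioc_type == "url":
            key = url_key(ioc.value)
            _keep_highest(by_url, key, ioc)
            if key[0] not in SHARED_HOSTS:  # a dedicated C2 host is an IOC by itself
                _keep_highest(by_host, key[0], ioc)
        else:
            _keep_highest(by_host, ioc.value.lower(), ioc)
    return by_url, by_host

def scan_log(lines, by_url, by_host, min_confidence=0):
    """Match 'ts client method url status' lines (constructed layout); return
    (line, Ioc) pairs. Exact URL first, then dedicated host. A path alone such as
    '/__utm.gif' never matches: legitimate sites serve the same URIs that Cobalt
    Strike's default profile borrows."""
    hits = []
    for line in lines.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        key = url_key(fields[3])
        ioc = by_url.get(key) or by_host.get(key[0])
        if ioc is not None and ioc.confidence >= min_confidence:
            hits.append((line, ioc))
    return hits

# Rows copied from the tables on this page (a small subset).
IOC_ROWS = """\
tcxerr.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
loodwork.fun | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
http://ayranoos.net/ | Hydra botnet C2 (confidence level: 100%) | |
http://121.40.66.171:85/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://loodwork.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://cdn.discordapp.com/attachments/1170771441797566586/1174334633442291753/ccleaner.zip | WikiLoader payload delivery URL (confidence level: 100%) | |
"""
# Constructed proxy log lines; client IPs and the benign requests are invented.
LOG_LINES = """\
2023-11-20T09:12:01Z 10.20.0.14 GET http://ayranoos.net/ 200
2023-11-20T09:12:07Z 10.20.0.14 GET https://cdn.discordapp.com/attachments/1170771441797566586/1174334633442291753/ccleaner.zip 200
2023-11-20T09:13:40Z 10.20.0.31 GET https://cdn.discordapp.com/attachments/000/000/holiday.png 200
2023-11-20T09:15:02Z 10.20.0.31 POST http://loodwork.fun/api?act=life 200
2023-11-20T09:16:55Z 10.20.0.52 GET http://121.40.66.171:85/__utm.gif 200
2023-11-20T09:17:10Z 10.20.0.52 GET http://www.example.com/__utm.gif 200
2023-11-20T09:18:00Z 10.20.0.77 GET http://tcxerr.duckdns.org:7000/ 200
"""

def demo():
    by_url, by_host = build_index(parse_rows(IOC_ROWS))
    return scan_log(LOG_LINES, by_url, by_host, min_confidence=75)

if __name__ == "__main__":
    for line, ioc in demo():
        print(ioc.family, f"{ioc.confidence}%", line.split()[3])
```

Two points the index encodes are worth keeping in mind when these IOCs are loaded into a real proxy or DNS control. The XWorm entries sit on ply.gg, portmap.host and duckdns.org, which are tunnelling and dynamic-DNS services; only the full hostnames in the table are attacker-controlled, so the parent zones are never matched, and the same reasoning keeps cdn.discordapp.com out of the host index so that only the exact ccleaner.zip URL fires. Note also that loodwork.fun appears twice on this page, once as a domain at 50% and once as the /api URL at 100%; the index keeps the higher figure, and the `min_confidence` threshold lets a team decide how much weight a 50% domain entry should carry before it blocks anything.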
Threat ID: 682b7baad3ddd8cef2ea8b91
Added to database: 5/19/2025, 6:42:50 PM
Last enriched: 6/18/2025, 7:20:32 PM
Last updated: 8/17/2025, 10:22:17 PM