Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

ThreatFox IOCs for 2023-12-21

Medium
Malwaretype:osinttlp:white
Published: Thu Dec 21 2023 (12/21/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-12-21

AI-Powered Analysis

AILast updated: 06/18/2025, 09:06:53 UTC

Technical Analysis

The provided threat information pertains to a set of Indicators of Compromise (IOCs) published by ThreatFox on December 21, 2023, categorized under malware with a focus on OSINT (Open Source Intelligence) activities. The threat is characterized primarily by network activity and payload delivery mechanisms, suggesting that it involves the distribution or deployment of malicious payloads via network channels. However, no specific affected software versions or products are identified, indicating that the IOCs may be generic or relate to broad threat actor infrastructure rather than a specific vulnerability in a particular product. The absence of known exploits in the wild and the lack of available patches further imply that this threat is not tied to a newly discovered software vulnerability but rather to observed malicious behaviors or artifacts useful for threat detection and intelligence gathering. The threat level is rated as 2 on an unspecified scale, with moderate analysis and distribution scores, suggesting moderate confidence in the threat's relevance and a moderate spread or targeting scope. The tags and categories emphasize OSINT and network-based payload delivery, which typically involve reconnaissance, data gathering, and subsequent exploitation or infection stages. The lack of CWEs (Common Weakness Enumeration) and patch information supports the interpretation that this is an intelligence-focused threat report rather than a direct software vulnerability. Overall, this threat represents a medium-severity malware-related activity focused on network-based payload delivery and OSINT, useful for security teams to enhance detection capabilities and monitor network traffic for suspicious indicators.

Potential Impact

For European organizations, the impact of this threat is primarily related to increased exposure to network-based malware delivery and potential data exfiltration or system compromise through payloads identified by the IOCs. Since the threat involves OSINT and network activity, organizations with significant external-facing infrastructure or those involved in sensitive data processing could face risks of reconnaissance leading to targeted attacks. The medium severity suggests that while the threat is not immediately critical, it could facilitate initial access or lateral movement if leveraged by threat actors. The lack of specific affected products means the threat could potentially impact a wide range of systems, especially those lacking robust network monitoring and threat detection capabilities. European organizations in sectors such as finance, critical infrastructure, and government may be particularly sensitive to such threats due to the strategic value of their data and services. Additionally, the absence of known exploits in the wild indicates that proactive detection and response can effectively mitigate impact before widespread exploitation occurs.

Mitigation Recommendations

To mitigate this threat effectively, European organizations should implement enhanced network monitoring focused on detecting the specific IOCs provided by ThreatFox, integrating these indicators into existing SIEM (Security Information and Event Management) and IDS/IPS (Intrusion Detection/Prevention Systems) solutions. Since no patches are available, emphasis should be placed on behavioral analysis and anomaly detection to identify unusual network payload delivery attempts. Organizations should also conduct regular OSINT threat intelligence updates to stay informed about emerging indicators and tactics related to this threat. Network segmentation and strict access controls can limit the potential spread of payloads if initial compromise occurs. Additionally, implementing strict egress filtering and monitoring outbound traffic can help detect data exfiltration attempts linked to this threat. Employee awareness programs focusing on recognizing suspicious network activity and phishing attempts, which often precede payload delivery, will further reduce risk. Finally, collaboration with national and European cybersecurity information sharing platforms can enhance situational awareness and collective defense against such OSINT-driven threats.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
SpainSpain
PolandPoland
BelgiumBelgium
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
fdfc8459-5cb7-4523-91be-aa61a1aa9791
Original Timestamp
1703203387

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttp://creepfleetconfusew.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://moscow-post.ru/blogggg/blogger.php
Mars Stealer botnet C2 (confidence level: 100%)
urlhttp://962855cm.nyashtech.top/datalifetemp.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://bombertublestylebanws.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://194.26.135.67/mtq4mmuxodbhmtvi/
Coper botnet C2 (confidence level: 80%)
urlhttp://82.146.37.188/cdnmulti/linepollsqldlecdn.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://zekhost.000webhostapp.com/396833e4.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://95.216.178.71/
Vidar botnet C2 (confidence level: 100%)
urlhttp://1.15.189.30/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://213.109.202.219/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://82.157.78.234/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-lqsfxdz9-1307700818.sh.tencentapigw.com/geqeqwea.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://138.197.178.187/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.164.49.148/g.pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://qw.regsvcast.com/hr
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://as.regsvcast.com/hr
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://zx.regsvcast.com/hr
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://paldiengineering.com/8wjmd9n/0.5687043298865158.dat
Pikabot payload delivery URL (confidence level: 100%)
urlhttps://israrliaqat.com/6wx4/0.844468240812589.dat
Pikabot payload delivery URL (confidence level: 100%)
urlhttps://grehlingerssealcoating.com/3hidbt/0.6552612703498036.dat
Pikabot payload delivery URL (confidence level: 100%)
urlhttps://saeedalkarmi.com/at2ja9/0.6508004520633979.dat
Pikabot payload delivery URL (confidence level: 100%)
urlhttps://gofly.id/p9g/0.9681228263349928.dat
Pikabot payload delivery URL (confidence level: 100%)
urlhttps://holyrosaryinternational.com/n1h3/0.5119460133828262.dat
Pikabot payload delivery URL (confidence level: 100%)
urlhttp://193.3.19.247/pl.exe
Phorpiex payload delivery URL (confidence level: 100%)
urlhttp://193.3.19.247/sl.exe
Phorpiex payload delivery URL (confidence level: 100%)
urlhttp://103.114.107.28/l1010/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l1212/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l1414/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l1616/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l1919/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l2121/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l22/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l2323/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l24/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l25/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l2626/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l27/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l2828/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l29/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l3030/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l3131/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l32/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l33/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l34/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l35/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l36/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l37/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l38/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l39/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l404/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l4040/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l606/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://103.114.107.28/l808/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://2.56.57.108/osk/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://2.56.59.226/www/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://37.0.11.237/nn/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://64.188.21.227/x/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://9enternecera.ru.com/os/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://adwa2tv.com/new/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://aegismd.ca/cgi/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://b1xz.duckdns.org/b11/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://b1xz.duckdns.org/b24/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://b1xz.duckdns.org/b27/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://b1xz.duckdns.org/b40/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://b1xz.duckdns.org/b505/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://de4mon-p4nel.site/oski/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://elsantos.co/sa/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://gilvantur.com/site/bot/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://ipc-nena.net/oski/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://itskuba.com/1g
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://marbellacabs.com/hao/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://mcharglaw.com/cgi/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://mmcjo.com/crown/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://no1geekfun.com/surce/a/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://pplonline.org/cgi/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://rgjeweller.mu/oski/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://smarteyecare.in/assets/fonts/static/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://soitaab.co/make/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://sunwindz.in.net/su/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://trafficbadassery.com/a/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://tunqyuindia.com/mar3/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://web24host.com/a/a/www/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://zenginler.online/oski/
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://8.141.13.130:8001/system/role/list
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.136.14.51/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://165.3.113.96/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://91.92.252.228/vlenath
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.140.147.193/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://164.155.212.249:8087/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://115.159.112.155/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://85.209.11.236/broadcast
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://195.20.16.45/api/firegate.php
PrivateLoader botnet C2 (confidence level: 100%)
urlhttp://195.20.16.45/api/firepro.php
PrivateLoader botnet C2 (confidence level: 100%)
urlhttp://111.229.163.225/pixel.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.109.102.98/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://cdn-014.epsonupdate.uk/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)

Domain

ValueDescriptionCopy
domaingetfnewsolutions.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbluenetworking.net
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainerihudeg.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainmail.googlesmail.xyz
Cobalt Strike botnet C2 domain (confidence level: 50%)
domainadavanced-ip-scaner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadavanced-ip-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadevancd-lp-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadevanced-ip-scans.com
DanaBot payload delivery domain (confidence level: 75%)
domainadevanced-lp-scaners.com
DanaBot payload delivery domain (confidence level: 75%)
domainadevanced-lp-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadevanced-lp-scanners.com
DanaBot payload delivery domain (confidence level: 75%)
domainadsvancd-lp-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadsvanced-ip-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvancd-ip-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvancd-ip-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvancd-lp-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-ip-scan.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-ip-scanned.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-ip-scanning.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-ip-scanning.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-ipscan.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-ipscanning.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-lp-scan.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-lp-scaners.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-lp-scaners.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-lp-scanned.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-lp-scanned.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-lp-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-lp-scanners.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanced-port-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvancede-ip-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedes-ip-scan.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedes-ip-scan.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedes-ip-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedes-ip-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedes-lp-scan.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedes-lp-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedes-lp-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedip-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvancedlpscanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvanceds-ip-scan.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvanceds-ip-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvanceds-lp-scanner.net
DanaBot payload delivery domain (confidence level: 75%)
domainadvnced-ip-scan.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvnced-ip-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domainadvnced-lp-scanner.com
DanaBot payload delivery domain (confidence level: 75%)
domaininductiveautomatlon.com
DanaBot payload delivery domain (confidence level: 75%)
domaininductiveoutomation.com
DanaBot payload delivery domain (confidence level: 75%)
domaininductlveautomation.com
DanaBot payload delivery domain (confidence level: 75%)
domainmycaase.com
DanaBot payload delivery domain (confidence level: 75%)
domainmycaase.net
DanaBot payload delivery domain (confidence level: 75%)
domainoldsfaq.com
DanaBot payload delivery domain (confidence level: 75%)
domaintechnorobo-life.com
DanaBot payload delivery domain (confidence level: 75%)
domainservice-lqsfxdz9-1307700818.sh.tencentapigw.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainqw.regsvcast.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainas.regsvcast.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainzx.regsvcast.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwithclier.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainns1.dns-supports.online
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainns2.dns-supports.online
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincdn-014.epsonupdate.uk
Cobalt Strike botnet C2 domain (confidence level: 100%)

File

ValueDescriptionCopy
file171.5.184.236
Meterpreter botnet C2 server (confidence level: 80%)
file54.39.105.235
Xtreme RAT botnet C2 server (confidence level: 80%)
file77.105.132.87
RedLine Stealer botnet C2 server (confidence level: 100%)
file15.207.21.242
Meterpreter botnet C2 server (confidence level: 80%)
file121.37.82.36
Cobalt Strike botnet C2 server (confidence level: 80%)
file13.232.180.80
Meterpreter botnet C2 server (confidence level: 80%)
file94.131.107.198
BianLian botnet C2 server (confidence level: 50%)
file139.84.147.34
Havoc botnet C2 server (confidence level: 50%)
file91.92.250.227
Havoc botnet C2 server (confidence level: 50%)
file13.38.219.27
Havoc botnet C2 server (confidence level: 50%)
file69.164.199.179
Havoc botnet C2 server (confidence level: 50%)
file13.213.218.169
Havoc botnet C2 server (confidence level: 50%)
file76.84.73.88
Responder botnet C2 server (confidence level: 50%)
file138.197.68.179
Responder botnet C2 server (confidence level: 50%)
file95.215.108.41
QakBot botnet C2 server (confidence level: 50%)
file24.241.8.84
QakBot botnet C2 server (confidence level: 50%)
file216.83.58.190
Unknown malware botnet C2 server (confidence level: 50%)
file109.123.227.167
Pikabot botnet C2 server (confidence level: 50%)
file3.127.138.57
NjRAT botnet C2 server (confidence level: 100%)
file18.157.68.73
NjRAT botnet C2 server (confidence level: 100%)
file18.192.93.86
NjRAT botnet C2 server (confidence level: 100%)
file194.147.140.222
Remcos botnet C2 server (confidence level: 100%)
file13.126.178.6
Meterpreter botnet C2 server (confidence level: 80%)
file104.21.88.185
Cobalt Strike botnet C2 server (confidence level: 50%)
file95.216.178.71
Vidar botnet C2 server (confidence level: 100%)
file87.107.164.199
Meterpreter botnet C2 server (confidence level: 80%)
file194.26.29.153
SectopRAT botnet C2 server (confidence level: 100%)
file185.11.61.65
DanaBot payload delivery server (confidence level: 75%)
file1.15.189.30
Cobalt Strike botnet C2 server (confidence level: 100%)
file82.157.78.234
Cobalt Strike botnet C2 server (confidence level: 100%)
file138.197.178.187
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.164.49.148
Cobalt Strike botnet C2 server (confidence level: 100%)
file147.78.47.178
Cobalt Strike botnet C2 server (confidence level: 100%)
file144.91.113.0
Pikabot botnet C2 server (confidence level: 100%)
file172.232.172.228
Pikabot botnet C2 server (confidence level: 100%)
file172.232.7.224
Pikabot botnet C2 server (confidence level: 100%)
file172.232.172.171
Pikabot botnet C2 server (confidence level: 100%)
file109.123.227.166
Pikabot botnet C2 server (confidence level: 100%)
file101.201.224.75
Cobalt Strike botnet C2 server (confidence level: 80%)
file13.233.98.101
Meterpreter botnet C2 server (confidence level: 80%)
file5.42.65.31
RedLine Stealer botnet C2 server (confidence level: 100%)
file185.225.69.33
DanaBot botnet C2 server (confidence level: 100%)
file185.172.128.33
RedLine Stealer botnet C2 server (confidence level: 100%)
file45.67.231.4
Ficker Stealer botnet C2 server (confidence level: 100%)
file79.110.52.39
Ficker Stealer botnet C2 server (confidence level: 100%)
file2.56.212.247
Ficker Stealer botnet C2 server (confidence level: 100%)
file5.75.178.55
Meterpreter botnet C2 server (confidence level: 80%)
file172.232.189.141
Pikabot botnet C2 server (confidence level: 100%)
file5.180.151.194
Pikabot botnet C2 server (confidence level: 100%)
file154.38.185.136
Pikabot botnet C2 server (confidence level: 100%)
file5.180.151.180
Pikabot botnet C2 server (confidence level: 100%)
file172.234.224.202
Pikabot botnet C2 server (confidence level: 100%)
file109.123.227.170
Pikabot botnet C2 server (confidence level: 100%)
file109.123.227.147
Pikabot botnet C2 server (confidence level: 100%)
file85.239.237.153
Pikabot botnet C2 server (confidence level: 100%)
file154.38.164.50
Pikabot botnet C2 server (confidence level: 100%)
file109.123.227.174
Pikabot botnet C2 server (confidence level: 100%)
file164.155.212.249
Cobalt Strike botnet C2 server (confidence level: 100%)
file109.123.227.158
Pikabot botnet C2 server (confidence level: 100%)
file198.251.89.101
Cobalt Strike botnet C2 server (confidence level: 80%)
file45.142.182.103
Mirai botnet C2 server (confidence level: 75%)
file193.233.132.72
RedLine Stealer botnet C2 server (confidence level: 100%)
file158.160.58.164
BumbleBee botnet C2 server (confidence level: 75%)
file198.98.48.31
Cobalt Strike botnet C2 server (confidence level: 80%)
file185.172.128.33
RedLine Stealer botnet C2 server (confidence level: 100%)
file167.114.115.246
Sliver botnet C2 server (confidence level: 50%)
file47.100.126.235
Unknown malware botnet C2 server (confidence level: 50%)
file198.13.36.52
Havoc botnet C2 server (confidence level: 50%)
file193.233.203.168
Havoc botnet C2 server (confidence level: 50%)
file91.92.253.137
Havoc botnet C2 server (confidence level: 50%)
file31.222.238.48
Havoc botnet C2 server (confidence level: 50%)
file101.37.23.56
Unknown malware botnet C2 server (confidence level: 50%)
file121.37.208.133
Unknown malware botnet C2 server (confidence level: 50%)
file154.8.162.103
Unknown malware botnet C2 server (confidence level: 50%)
file103.185.249.231
Cobalt Strike botnet C2 server (confidence level: 80%)
file185.196.9.234
Cobalt Strike botnet C2 server (confidence level: 80%)
file106.52.244.189
Cobalt Strike botnet C2 server (confidence level: 80%)
file83.10.50.193
Unknown malware botnet C2 server (confidence level: 80%)
file45.8.158.71
Cobalt Strike botnet C2 server (confidence level: 100%)
file91.92.248.33
N-W0rm botnet C2 server (confidence level: 100%)
file27.124.3.19
Orcus RAT botnet C2 server (confidence level: 100%)
file165.3.113.96
Cobalt Strike botnet C2 server (confidence level: 80%)
file103.143.248.179
Cobalt Strike botnet C2 server (confidence level: 80%)
file165.3.113.96
Cobalt Strike botnet C2 server (confidence level: 80%)
file193.29.13.220
Cobalt Strike botnet C2 server (confidence level: 80%)
file139.155.153.109
Cobalt Strike botnet C2 server (confidence level: 80%)

Hash

ValueDescriptionCopy
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 80%)
hash22221
RedLine Stealer botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash8834
Cobalt Strike botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash8443
BianLian botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash8443
Havoc botnet C2 server (confidence level: 50%)
hash45923
Havoc botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash2222
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash5938
Pikabot botnet C2 server (confidence level: 50%)
hash12460
NjRAT botnet C2 server (confidence level: 100%)
hash12460
NjRAT botnet C2 server (confidence level: 100%)
hash12460
NjRAT botnet C2 server (confidence level: 100%)
hash2025
Remcos botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash2096
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash15648
SectopRAT botnet C2 server (confidence level: 100%)
hash443
DanaBot payload delivery server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash13721
Pikabot botnet C2 server (confidence level: 100%)
hash2221
Pikabot botnet C2 server (confidence level: 100%)
hash9785
Pikabot botnet C2 server (confidence level: 100%)
hash13721
Pikabot botnet C2 server (confidence level: 100%)
hash5938
Pikabot botnet C2 server (confidence level: 100%)
hash2333
Cobalt Strike botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash48396
RedLine Stealer botnet C2 server (confidence level: 100%)
hash443
DanaBot botnet C2 server (confidence level: 100%)
hash35875
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
Ficker Stealer botnet C2 server (confidence level: 100%)
hash80
Ficker Stealer botnet C2 server (confidence level: 100%)
hash80
Ficker Stealer botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash2078
Pikabot botnet C2 server (confidence level: 100%)
hash5631
Pikabot botnet C2 server (confidence level: 100%)
hash5243
Pikabot botnet C2 server (confidence level: 100%)
hash2224
Pikabot botnet C2 server (confidence level: 100%)
hash13785
Pikabot botnet C2 server (confidence level: 100%)
hash5632
Pikabot botnet C2 server (confidence level: 100%)
hash5243
Pikabot botnet C2 server (confidence level: 100%)
hash5632
Pikabot botnet C2 server (confidence level: 100%)
hash5243
Pikabot botnet C2 server (confidence level: 100%)
hash23399
Pikabot botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2223
Pikabot botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash4426
Mirai botnet C2 server (confidence level: 75%)
hash36295
RedLine Stealer botnet C2 server (confidence level: 100%)
hash443
BumbleBee botnet C2 server (confidence level: 75%)
hash8099
Cobalt Strike botnet C2 server (confidence level: 80%)
hash38294
RedLine Stealer botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 50%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash8443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash18080
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash81
Cobalt Strike botnet C2 server (confidence level: 80%)
hash80
Unknown malware botnet C2 server (confidence level: 80%)
hash53
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4782
N-W0rm botnet C2 server (confidence level: 100%)
hash6606
Orcus RAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash81
Cobalt Strike botnet C2 server (confidence level: 80%)
hash80
Cobalt Strike botnet C2 server (confidence level: 80%)
hash8090
Cobalt Strike botnet C2 server (confidence level: 80%)
hash5555
Cobalt Strike botnet C2 server (confidence level: 80%)

Threat ID: 682acdc3bbaf20d303f196c1

Added to database: 5/19/2025, 6:20:51 AM

Last enriched: 6/18/2025, 9:06:53 AM

Last updated: 7/29/2025, 10:27:35 PM

Views: 13

Related Threats

Spear Phishing Campaign Delivers VIP Keylogger via Email Attachment

Medium
MalwareWed Jul 30 2025

LNK Trojan delivers REMCOS

Medium
MalwareWed Jul 30 2025

Targeted attacks leverage accounts on popular online platforms as C2 servers

Medium
MalwareWed Jul 30 2025

SQLi vuln sites - 2015-08-12 - origin: pastebin.com/23fDLE1G

Low
VulnerabilityWed Jul 30 2025

OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West

Medium
UnknownWed Jul 30 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats