ThreatFox IOCs for 2024-04-10
AI Analysis
Technical Summary
This entry is the ThreatFox MISP feed event for 2024-04-10 (MISP UUID ff6a2b9e-7bd1-4096-b8cb-a068b79063e8), tagged as malware-related OSINT covering network activity and payload delivery. It carries 145 indicators: 45 URLs, 85 IP address and port pairs, and 15 domains. Every indicator is labelled by ThreatFox with a malware family and a confidence level between 50% and 100%, so the claim that the event names no malware families does not hold; the families are the Cobalt Strike, Havoc, Sliver and Deimos post-exploitation frameworks, the DCRat, AsyncRAT, NjRAT, Remcos, Xtreme RAT and Poison Ivy remote access trojans, the Vidar, RedLine, Rhadamanthys, Loki PWS, RisePro, MintStealer and AMOS information stealers, Coper, Latrodectus (listed as "Unidentified 111"), QakBot, FAKEUPDATES and Responder, the Mirai, Bashlite and MooBot IoT botnets, and a set of command-and-control servers recorded as "Unknown malware". Most entries are C2 servers; a smaller set are payload delivery URLs (DCRat as lets.exe on four hosts, Remcos as a .scr file, and a Cobalt Strike archive on a compromised WordPress site). No affected product, vulnerability, exploit or patch is associated with the event: it is a detection-oriented intelligence update, not a vulnerability advisory. The MISP metadata reads threat_level_id 2 (Medium), analysis 1 (Ongoing) and distribution 3 (All communities); distribution is a sharing-scope setting in MISP and says nothing about how widespread the malware is.
Potential Impact
For European organizations the event describes no vulnerability to patch, so exposure depends entirely on whether hosts or users contact the listed infrastructure. The families in the feed span the full chain of a typical intrusion: initial-access loaders and fake-update lures (Latrodectus, FAKEUPDATES, the DCRat and Remcos payload URLs), credential and wallet theft (Vidar, RedLine, Rhadamanthys, RisePro, MintStealer, Loki PWS, and AMOS on macOS), hands-on-keyboard post-exploitation frameworks (Cobalt Strike, Havoc, Sliver, Deimos) that frequently precede data exfiltration and ransomware deployment, and IoT botnets (Mirai, Bashlite, MooBot) that recruit exposed devices into DDoS infrastructure. Several Cobalt Strike hosts use lookalike or trust-borrowing names (www.microsoftonline.info, baidu.freemetb.top) and paths that imitate analytics and CDN traffic (__utm.gif, ga.js, jquery-3.3.1.min.js, updates.rss), which is designed to blend into normal proxy logs. Because the feed records what was live around 2024-04-10, the value of these indicators for blocking decays quickly, while their value for retrospective hunting in logs from that period remains. Organizations that load the indicators into their monitoring can shorten dwell time for any of these families already present; in the absence of a fix to apply, detection and response are the only mitigation.
Mitigation Recommendations
To make use of these indicators, European organizations should: 1) Load the URL and domain indicators into proxy, DNS and web-filter logging, and the IP address and port pairs into firewall and flow-record matching; match the port together with the address, since several hosts are listed on more than one port (167.172.246.65 on 80 and 443, 45.128.232.135 on 80 and 443) and other services on the same host may be legitimate. 2) Exclude http://192.168.208.130:9999/j.ad before deployment: 192.168.208.130 is an RFC 1918 address and cannot be the internet-facing C2, so a block list containing it will alert on or block internal traffic. 3) Do not block 104.21.67.23, 104.21.96.39 or 172.67.211.144 by address; they fall inside Cloudflare's published anycast ranges (104.16.0.0/13 and 172.64.0.0/13), so an address block would disrupt unrelated sites. Alert on them and pivot to the hostname seen in TLS SNI or proxy logs. 4) Match Cobalt Strike indicators on host plus path, never on the path alone; jquery-3.3.1.min.js, __utm.gif, ga.js and updates.rss are chosen to look like legitimate web traffic and will flood a SIEM with false positives if matched in isolation. 5) Treat entries at 50% confidence (the Havoc, QakBot, Sliver, Deimos, Responder, FAKEUPDATES and "Unknown malware" servers) as alert-and-investigate indicators, and reserve automatic blocking for the 100% entries such as the DCRat payload URLs and the Vidar and Cobalt Strike C2 servers. 6) Run a retrospective hunt over proxy, DNS and firewall logs from the weeks around 2024-04-10, since C2 infrastructure of this kind is typically rotated within days. 7) Keep endpoint protection current and network segmentation in place so that a successful payload delivery (lets.exe, pdtzx.scr, hays_compiled_documents.zip) cannot spread laterally. 8) Subscribe to the ThreatFox or MISP feed directly rather than to a daily snapshot, so that superseded indicators are retired and new ones arrive without manual handling. With no patch to apply, the emphasis is on detection, containment and retrospective hunting rather than vulnerability remediation.
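The script below is an added example and not code from ThreatFox or from this page. It ingests indicator lines in the list format used on this page, re-pairs the mislabelled "file" and "hash" lines into ip:port sockets, drops the RFC 1918 entry, flags addresses inside shared CDN ranges, and then runs the resulting indicator set over a few constructed proxy and firewall log lines. The IOC subset and the log lines are constructed samples; the log field names (dst=, dport=) and the two CDN ranges treated as shared infrastructure are assumptions.

```python
"""Normalise ThreatFox/MISP IOC lines and match them against log records.

Added example, not code from the ThreatFox project or this page. The feed
export shown here emits an ip:port indicator as a 'file' line (the IPv4
address) directly followed by a 'hash' line (the TCP port).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the IOC lines on this page, in the page's own list format.
IOC_TEXT = """
- url: https://ahhhuu22cxxx.com/zdfmmdlmzwe1ztji/
- url: http://38.181.35.175/lets.exe
- url: http://192.168.208.130:9999/j.ad
- url: https://www.microsoftonline.info:8443/j.ad
- domain: www.microsoftonline.info
- domain: winarkamaps.com
- file: 77.221.137.22
- hash: 443
- file: 104.21.67.23
- hash: 80
- file: 185.62.57.235
- hash: 445
"""

# Assumption: addresses inside these Cloudflare anycast ranges are shared infrastructure,
# so they are kept for alerting but flagged as unsafe to block by IP.
SHARED_CDN_RANGES = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]

LINE_RE = re.compile(r"^-\s*(url|domain|file|hash):\s*(\S+)\s*$")


def _as_ip(host):
    """Return an ip_address for host, or None when host is a DNS name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def _add_socket(ip, port, sockets, notes):
    if not ip.is_global:
        notes.append((f"{ip}:{port}", "dropped: non-routable address"))
        return
    if any(ip in net for net in SHARED_CDN_RANGES):
        notes.append((f"{ip}:{port}", "flagged: shared CDN address, alert only, do not block by IP"))
    sockets.add((str(ip), port))


def parse_iocs(text):
    """Return {'urls', 'domains', 'sockets' (set of (ip, port)), 'notes' (list of (indicator, reason))}."""
    urls, domains, sockets, notes = set(), set(), set(), []
    pending_ip = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "file":            # export artifact: 'file' carries the C2 IPv4 address
            pending_ip = _as_ip(value)
        elif kind == "hash":          # export artifact: 'hash' carries the port of the preceding IP
            if pending_ip is not None and value.isdigit() and 0 < int(value) < 65536:
                _add_socket(pending_ip, int(value), sockets, notes)
            pending_ip = None
        elif kind == "domain":
            domains.add(value.lower())
        elif kind == "url":
            ip = _as_ip(urlsplit(value).hostname or "")
            if ip is not None and not ip.is_global:
                notes.append((value, "dropped: non-routable host, cannot be the internet-facing C2"))
                continue
            urls.add(value)
    return {"urls": urls, "domains": domains, "sockets": sockets, "notes": notes}


# Constructed sample log lines; the dst= and dport= field names are assumptions.
SAMPLE_LOGS = [
    "2024-04-10T12:01:07Z proxy user=alice dst=https://www.microsoftonline.info:8443/j.ad status=200",
    "2024-04-10T12:02:11Z fw action=allow src=10.0.4.12 dst=77.221.137.22 dport=443 proto=tcp",
    "2024-04-10T12:03:40Z fw action=allow src=10.0.4.12 dst=77.221.137.22 dport=80 proto=tcp",
    "2024-04-10T12:04:02Z proxy user=bob dst=https://login.microsoftonline.com/common/oauth2 status=200",
    "2024-04-10T12:05:55Z fw action=allow src=10.0.9.3 dst=104.21.67.23 dport=80 proto=tcp",
]

FW_RE = re.compile(r"dst=(\d+\.\d+\.\d+\.\d+)\s+dport=(\d+)")
PROXY_RE = re.compile(r"dst=(\S+)")


def match_logs(iocs, lines):
    """Return (line, indicator, kind) per matching log line. Firewall lines match only on
    the exact ip:port pair; proxy lines match on the full URL, then on the URL's host."""
    hits = []
    for line in lines:
        fw = FW_RE.search(line)
        if fw:
            sock = (fw.group(1), int(fw.group(2)))
            if sock in iocs["sockets"]:
                hits.append((line, "%s:%d" % sock, "ip:port"))
            continue
        px = PROXY_RE.search(line)
        if px:
            url = px.group(1)
            if url in iocs["urls"]:
                hits.append((line, url, "url"))
                continue
            host = (urlsplit(url).hostname or "").lower()
            if host in iocs["domains"]:
                hits.append((line, host, "domain"))
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for indicator, reason in iocs["notes"]:
        print(f"NOTE {indicator}: {reason}")
    for line, indicator, kind in match_logs(iocs, SAMPLE_LOGS):
        print(f"HIT [{kind}] {indicator} <- {line}")
```

Run as is, the script reports the private-address URL as dropped and the Cloudflare-range socket as alert-only, then produces three hits: the lookalike Microsoft URL, the Rhadamanthys server on port 443, and the MintStealer address on port 80. The same firewall host on port 80 and the genuine login.microsoftonline.com request stay quiet, which is the point of matching on the full socket and on the full URL rather than on address or path alone.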
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Threat Level: 2 (MISP threat_level_id 2 = Medium)
- Analysis: 1 (MISP analysis status 1 = Ongoing)
- Distribution: 3 (MISP sharing scope 3 = All communities; this is a sharing setting, not a measure of prevalence)
- Uuid: ff6a2b9e-7bd1-4096-b8cb-a068b79063e8
- Original Timestamp: 1712793786 (2024-04-11 00:03:06 UTC)
Indicators of Compromise
Url
Value | Description
---|---
https://ahhhuu22cxxx.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://h23hxa22f3f2a.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://h13f2hah2aa.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://cwcwac3f422af.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://g2agfawfw.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://154.23.178.106/lets.exe | DCRat payload delivery URL (confidence level: 100%)
http://38.181.35.175/lets.exe | DCRat payload delivery URL (confidence level: 100%)
https://154.23.178.139/lets.exe | DCRat payload delivery URL (confidence level: 100%)
http://154.23.178.70/lets.exe | DCRat payload delivery URL (confidence level: 100%)
https://boom.baiduboomboom.tk:2096/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://116.203.15.18/ | Vidar botnet C2 (confidence level: 100%)
https://covid19help.top/pdtzx.scr | Remcos payload delivery URL (confidence level: 100%)
https://119.91.214.152/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
https://23.95.254.136/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://cmsdisybnererdefs.shop/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
https://cmsdisybnererdasd65.shop/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
https://cmsdisybnererdgfdgn2.com/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
https://cmsdisybnererd5345.com/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
http://samsunguniverse.com/wp-content/unsalted-condensed-soups/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://116.205.228.160/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://felizcity.com/wp-content/plugins/jetpack/json-endpoints/jetpack/hays_compiled_documents.zip | Cobalt Strike payload delivery URL (confidence level: 100%)
https://156.251.162.29/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://120.46.130.73:6666/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
https://43.153.222.28/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.37.237.168:10000/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
https://173.249.196.234/cm | Cobalt Strike botnet C2 (confidence level: 100%)
https://baidu.freemetb.top/azure/api/v2/userinfo/get | Cobalt Strike botnet C2 (confidence level: 100%)
https://193.32.149.59/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://114.132.62.71:8080/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.37.237.168/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://7b7cd24ea6f08b711cf4053beac43cc5.melonhack.top/api/get | Cobalt Strike botnet C2 (confidence level: 100%)
http://49.232.55.153/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://173.249.196.234/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
http://192.168.208.130:9999/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://62.234.27.204/download/20/zo2xy7a4bowu | Cobalt Strike botnet C2 (confidence level: 100%)
http://154.92.14.6/load | Cobalt Strike botnet C2 (confidence level: 100%)
https://47.236.185.166/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://www.microsoftonline.info:8443/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://8.220.200.34:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://95.217.242.90/ | Vidar botnet C2 (confidence level: 100%)
https://195.201.47.150:5432/ | Vidar botnet C2 (confidence level: 100%)
http://202.144.192.44/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://38.6.178.161/api/get | Cobalt Strike botnet C2 (confidence level: 100%)
http://123.56.226.153:9999/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://24.199.107.111/index.php/88746289041 | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
IP address and port
The feed exports each of these indicators as a "file" line holding the IPv4 address immediately followed by a "hash" line holding the TCP port. They are socket addresses of C2 servers, not file hashes, and are shown here re-paired in the feed's original order.
Value | Description
---|---
77.221.137.22:443 | Rhadamanthys botnet C2 server (confidence level: 100%)
47.242.231.229:65503 | DCRat botnet C2 server (confidence level: 100%)
51.68.169.77:443 | DCRat botnet C2 server (confidence level: 100%)
89.105.201.98:591 | DCRat botnet C2 server (confidence level: 100%)
179.13.0.175:5556 | NjRAT botnet C2 server (confidence level: 75%)
1.15.247.249:2096 | Cobalt Strike botnet C2 server (confidence level: 100%)
51.79.87.4:8732 | Mirai botnet C2 server (confidence level: 75%)
116.203.15.18:443 | Vidar botnet C2 server (confidence level: 100%)
167.71.105.169:443 | Havoc botnet C2 server (confidence level: 50%)
47.245.38.152:443 | Havoc botnet C2 server (confidence level: 50%)
47.236.151.19:443 | Havoc botnet C2 server (confidence level: 50%)
167.172.246.65:80 | Havoc botnet C2 server (confidence level: 50%)
167.172.246.65:443 | Havoc botnet C2 server (confidence level: 50%)
8.140.193.181:8443 | Havoc botnet C2 server (confidence level: 50%)
97.118.50.67:993 | QakBot botnet C2 server (confidence level: 50%)
188.126.90.3:5000 | DCRat botnet C2 server (confidence level: 50%)
51.116.96.182:4000 | DCRat botnet C2 server (confidence level: 50%)
46.246.14.9:6000 | DCRat botnet C2 server (confidence level: 50%)
179.13.2.154:2230 | DCRat botnet C2 server (confidence level: 50%)
111.223.247.163:8888 | Unknown malware botnet C2 server (confidence level: 50%)
101.200.214.198:8888 | Unknown malware botnet C2 server (confidence level: 50%)
121.36.61.185:8888 | Unknown malware botnet C2 server (confidence level: 50%)
101.200.160.159:8888 | Unknown malware botnet C2 server (confidence level: 50%)
194.87.236.115:80 | Unknown malware botnet C2 server (confidence level: 50%)
106.54.222.22:80 | Unknown malware botnet C2 server (confidence level: 50%)
38.89.76.175:61915 | Bashlite botnet C2 server (confidence level: 75%)
166.88.61.185:606 | Bashlite botnet C2 server (confidence level: 75%)
91.92.253.58:23 | Bashlite botnet C2 server (confidence level: 75%)
91.92.240.123:999 | Bashlite botnet C2 server (confidence level: 75%)
45.148.244.74:839 | Bashlite botnet C2 server (confidence level: 75%)
94.156.8.110:80 | MooBot botnet C2 server (confidence level: 100%)
14.225.219.227:80 | MooBot botnet C2 server (confidence level: 100%)
23.95.254.136:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.92.242.187:55555 | Mirai botnet C2 server (confidence level: 75%)
79.137.192.4:80 | AMOS botnet C2 server (confidence level: 100%)
93.123.85.100:1337 | Mirai botnet C2 server (confidence level: 100%)
141.98.10.76:59666 | Mirai botnet C2 server (confidence level: 100%)
89.185.84.115:23 | Mirai botnet C2 server (confidence level: 100%)
45.61.141.168:35228 | RedLine Stealer botnet C2 server (confidence level: 100%)
202.144.192.44:53 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.204.177.133:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.204.177.133:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.37.237.168:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.236.185.166:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
95.217.242.90:443 | Vidar botnet C2 server (confidence level: 100%)
195.201.47.150:5432 | Vidar botnet C2 server (confidence level: 100%)
202.144.192.44:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
213.195.121.48:5001 | AsyncRAT botnet C2 server (confidence level: 80%)
72.203.198.245:8009 | Xtreme RAT botnet C2 server (confidence level: 80%)
174.75.184.124:2083 | Xtreme RAT botnet C2 server (confidence level: 80%)
66.50.11.141:1800 | Remcos botnet C2 server (confidence level: 80%)
94.98.197.28:3460 | Poison Ivy botnet C2 server (confidence level: 80%)
207.180.230.175:9443 | Havoc botnet C2 server (confidence level: 80%)
3.105.98.157:443 | Havoc botnet C2 server (confidence level: 80%)
212.113.106.100:31337 | Sliver botnet C2 server (confidence level: 50%)
137.220.197.178:80 | Havoc botnet C2 server (confidence level: 80%)
116.177.245.48:4505 | Deimos botnet C2 server (confidence level: 50%)
43.129.31.231:8858 | DCRat botnet C2 server (confidence level: 80%)
88.214.59.115:8848 | DCRat botnet C2 server (confidence level: 80%)
202.95.23.39:5555 | DCRat botnet C2 server (confidence level: 80%)
95.172.23.98:8848 | DCRat botnet C2 server (confidence level: 80%)
185.62.57.235:445 | Responder botnet C2 server (confidence level: 50%)
46.246.84.3:7000 | DCRat botnet C2 server (confidence level: 80%)
62.1.168.180:995 | QakBot botnet C2 server (confidence level: 50%)
94.156.10.201:8848 | DCRat botnet C2 server (confidence level: 80%)
86.22.67.194:443 | QakBot botnet C2 server (confidence level: 50%)
103.186.108.212:8848 | DCRat botnet C2 server (confidence level: 80%)
216.83.36.247:8888 | Unknown malware botnet C2 server (confidence level: 50%)
171.41.198.122:25565 | DCRat botnet C2 server (confidence level: 80%)
46.246.82.12:7000 | DCRat botnet C2 server (confidence level: 80%)
47.93.173.235:8888 | Unknown malware botnet C2 server (confidence level: 50%)
123.57.137.235:8888 | Unknown malware botnet C2 server (confidence level: 50%)
47.93.174.136:8888 | Unknown malware botnet C2 server (confidence level: 50%)
43.128.177.204:8888 | Unknown malware botnet C2 server (confidence level: 50%)
47.108.204.218:8888 | Unknown malware botnet C2 server (confidence level: 50%)
154.40.47.121:80 | Unknown malware botnet C2 server (confidence level: 50%)
91.92.252.146:80 | Unknown malware botnet C2 server (confidence level: 50%)
92.63.96.171:80 | Unknown malware botnet C2 server (confidence level: 50%)
45.128.232.135:443 | FAKEUPDATES botnet C2 server (confidence level: 50%)
45.128.232.135:80 | FAKEUPDATES botnet C2 server (confidence level: 50%)
38.92.40.19:8081 | RisePro botnet C2 server (confidence level: 80%)
45.61.139.225:8081 | RisePro botnet C2 server (confidence level: 80%)
104.21.67.23:80 | MintStealer botnet C2 server (confidence level: 80%)
172.67.211.144:443 | MintStealer botnet C2 server (confidence level: 80%)
104.21.96.39:80 | MintStealer botnet C2 server (confidence level: 80%)
Domain
Value | Description
---|---
kuailianv.com | DCRat botnet C2 domain (confidence level: 100%)
winarkamaps.com | Unidentified 111 (Latrodectus) botnet C2 domain (confidence level: 75%)
stratimasesstr.com | Unidentified 111 (Latrodectus) botnet C2 domain (confidence level: 75%)
boom.baiduboomboom.tk | Cobalt Strike botnet C2 domain (confidence level: 100%)
emv1.ib-comm-gateway.com | Mirai botnet C2 domain (confidence level: 100%)
zhudaji.com | Mirai botnet C2 domain (confidence level: 100%)
rubiconviewer.buzz | Mirai botnet C2 domain (confidence level: 100%)
hatsune.network | Mirai botnet C2 domain (confidence level: 100%)
int.hatsune.network | Mirai botnet C2 domain (confidence level: 100%)
dsbr.cam | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%)
jswl.vipsf888.com | MooBot botnet C2 domain (confidence level: 100%)
ns1.fdsagwagfdsba.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%)
baidu.freemetb.top | Cobalt Strike botnet C2 domain (confidence level: 100%)
7b7cd24ea6f08b711cf4053beac43cc5.melonhack.top | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.microsoftonline.info | Cobalt Strike botnet C2 domain (confidence level: 100%)
Threat ID: 68359c9a5d5f0974d01e2193
Added to database: 5/27/2025, 11:06:02 AM
Last enriched: 7/5/2025, 10:57:33 PM
Last updated: 7/26/2025, 5:39:25 PM