ThreatFox IOCs for 2024-04-10
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on April 10, 2024, by ThreatFox, a platform that aggregates threat intelligence data. The entry is labeled with a medium severity level but lacks specific technical details, affected software versions, or concrete exploit descriptions. The threat type is marked as 'unknown,' and no Common Weakness Enumerations (CWEs) or patch links are provided. The technical details indicate a low to moderate threat level (threatLevel: 2), minimal analysis confidence (analysis: 1), and moderate distribution (distribution: 3). The absence of indicators and known exploits in the wild suggests that this is an early-stage or low-confidence intelligence report, possibly representing emerging or unconfirmed threats. The data is tagged as OSINT (Open Source Intelligence) with a TLP:white classification, indicating it is intended for wide distribution without restrictions. Overall, this entry appears to be a preliminary or generic IOC update rather than a detailed or actionable threat report.
Potential Impact
Given the lack of specific technical details, affected systems, or exploit information, the direct impact on European organizations is difficult to ascertain. However, the medium severity rating and moderate distribution level imply that there could be some level of exposure or risk if these IOCs correspond to active or emerging threats. European organizations that rely on threat intelligence feeds like ThreatFox may use these IOCs to enhance detection capabilities. Without concrete exploit data or targeted attack patterns, the immediate operational impact is likely limited. Nevertheless, organizations should remain vigilant as such IOC updates can precede more detailed threat activity. The potential impact could include detection of malware, intrusion attempts, or reconnaissance activities if these IOCs are integrated into security monitoring tools.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities.
2. Maintain up-to-date threat intelligence feeds and correlate these IOCs with internal logs to identify any matching activity.
3. Conduct regular threat hunting exercises focusing on the indicators once they become available or more detailed.
4. Ensure that all systems and software are patched and updated according to vendor recommendations, even though no specific patches are linked to this IOC set.
5. Educate security teams to treat such generic IOC updates as part of a broader intelligence context and avoid overreaction to unconfirmed threats.
6. Monitor ThreatFox and other intelligence sources for follow-up reports that may provide additional context or exploit details.
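Recommendation 2 (correlating the feed's IOCs with internal logs) is where the three indicator types on this page behave differently, so the following Python script is added here as a worked example; it is not part of the ThreatFox feed or of the analysis above. It parses a handful of the page's own indicators in their `type: value` form and matches them against constructed key=value proxy-log lines. The log format, the `SAMPLE_LOGS` lines and every function name are assumptions. An `ip-dst|port` entry only counts as a strong match when both address and port agree (an address hit on another port is reported at low confidence), a `domain` entry also covers its subdomains, and a `url` entry matches exactly after normalisation, with a host-only match reported at medium confidence.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a few of the indicators from this page, in the
# "type: value" form the page uses.
SAMPLE_IOCS = """\
url: https://ahhhuu22cxxx.com/zdfmmdlmzwe1ztji/
url: http://38.181.35.175/lets.exe
ip-dst|port: 77.221.137.22|443
ip-dst|port: 167.172.246.65|80
domain: kuailianv.com
domain: hatsune.network
"""

# Constructed sample proxy-log lines (assumed key=value format, not real traffic).
SAMPLE_LOGS = [
    "2024-04-10T08:01:02Z src=10.0.0.5 dst=77.221.137.22 dport=443 host=- url=-",
    "2024-04-10T08:01:05Z src=10.0.0.5 dst=77.221.137.22 dport=8080 host=- url=-",
    "2024-04-10T08:02:10Z src=10.0.0.9 dst=38.181.35.175 dport=80 host=38.181.35.175 url=http://38.181.35.175/lets.exe",
    "2024-04-10T08:03:00Z src=10.0.0.7 dst=203.0.113.10 dport=443 host=int.hatsune.network url=-",
    "2024-04-10T08:04:00Z src=10.0.0.7 dst=203.0.113.11 dport=443 host=ahhhuu22cxxx.com url=https://ahhhuu22cxxx.com/other/",
    "2024-04-10T08:05:00Z src=10.0.0.8 dst=198.51.100.4 dport=443 host=example.org url=https://example.org/",
]


def normalize_url(url):
    """Lower-case scheme and host, drop default ports, ensure a path, keep the query."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").rstrip(".")
    default = {"http": 80, "https": 443}.get(scheme)
    netloc = host if p.port in (None, default) else f"{host}:{p.port}"
    path = p.path or "/"
    return f"{scheme}://{netloc}{path}" + (f"?{p.query}" if p.query else "")


def parse_iocs(text):
    """Parse 'type: value' lines into lookup sets keyed by indicator type."""
    iocs = {"ip_port": set(), "ip": set(), "domain": set(), "url": set(), "url_host": set()}
    for raw in text.splitlines():
        line = raw.strip().lstrip("- ").strip()
        if not line or ":" not in line:
            continue
        kind, _, value = line.partition(":")
        kind, value = kind.strip().lower(), value.strip()
        if kind == "ip-dst|port":
            ip, _, port = value.partition("|")
            iocs["ip_port"].add((ip, int(port)))
            iocs["ip"].add(ip)  # address-only view, used for weaker matches
        elif kind == "domain":
            iocs["domain"].add(value.lower().rstrip("."))
        elif kind == "url":
            n = normalize_url(value)
            iocs["url"].add(n)
            iocs["url_host"].add(urlsplit(n).hostname)
    return iocs


def parse_log_line(line):
    """Extract key=value fields from one log line."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def matched_domain(host, domains):
    """Return the listed domain that equals `host` or is a parent of it, else None."""
    h = host.lower().rstrip(".")
    for d in domains:
        if h == d or h.endswith("." + d):
            return d
    return None


def match_log_line(line, iocs):
    """Return a list of (indicator type, value, confidence) hits for one log line."""
    f = parse_log_line(line)
    hits = []
    dst, dport = f.get("dst"), f.get("dport")
    if dst in iocs["ip"]:
        if dport and (dst, int(dport)) in iocs["ip_port"]:
            hits.append(("ip-dst|port", f"{dst}|{dport}", "high"))
        else:
            hits.append(("ip-dst", dst, "low"))  # listed address, but on another port
    host = f.get("host")
    if host and host != "-":
        d = matched_domain(host, iocs["domain"])
        if d:
            hits.append(("domain", d, "high"))
    url = f.get("url")
    if url and url != "-":
        n = normalize_url(url)
        if n in iocs["url"]:
            hits.append(("url", n, "high"))
        elif urlsplit(n).hostname in iocs["url_host"]:
            hits.append(("url-host", urlsplit(n).hostname, "medium"))
    return hits


def scan(lines, iocs):
    """Return (line, hits) for every log line with at least one hit."""
    return [(line, hits) for line in lines if (hits := match_log_line(line, iocs))]


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOGS, parse_iocs(SAMPLE_IOCS)):
        print(line.split()[0], hits)
```

The confidence tiers are the point: a bare address hit on an unlisted port, or a host that only shares its name with a listed URL, is worth a hunt but not an alert, which is the "avoid overreaction" posture recommendation 5 asks for.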
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
Indicators of Compromise
URL
Value | Description
---|---
https://ahhhuu22cxxx.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://h23hxa22f3f2a.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://h13f2hah2aa.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://cwcwac3f422af.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://g2agfawfw.com/zdfmmdlmzwe1ztji/ | Coper botnet C2 (confidence level: 80%)
https://154.23.178.106/lets.exe | DCRat payload delivery URL (confidence level: 100%)
http://38.181.35.175/lets.exe | DCRat payload delivery URL (confidence level: 100%)
https://154.23.178.139/lets.exe | DCRat payload delivery URL (confidence level: 100%)
http://154.23.178.70/lets.exe | DCRat payload delivery URL (confidence level: 100%)
https://boom.baiduboomboom.tk:2096/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://116.203.15.18/ | Vidar botnet C2 (confidence level: 100%)
https://covid19help.top/pdtzx.scr | Remcos payload delivery URL (confidence level: 100%)
https://119.91.214.152/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
https://23.95.254.136/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://cmsdisybnererdefs.shop/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
https://cmsdisybnererdasd65.shop/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
https://cmsdisybnererdgfdgn2.com/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
https://cmsdisybnererd5345.com/mjm2ytbkogjlzju1/ | Coper botnet C2 (confidence level: 80%)
http://samsunguniverse.com/wp-content/unsalted-condensed-soups/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://116.205.228.160/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://felizcity.com/wp-content/plugins/jetpack/json-endpoints/jetpack/hays_compiled_documents.zip | Cobalt Strike payload delivery URL (confidence level: 100%)
https://156.251.162.29/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://120.46.130.73:6666/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
https://43.153.222.28/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.37.237.168:10000/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
https://173.249.196.234/cm | Cobalt Strike botnet C2 (confidence level: 100%)
https://baidu.freemetb.top/azure/api/v2/userinfo/get | Cobalt Strike botnet C2 (confidence level: 100%)
https://193.32.149.59/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://114.132.62.71:8080/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.37.237.168/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://7b7cd24ea6f08b711cf4053beac43cc5.melonhack.top/api/get | Cobalt Strike botnet C2 (confidence level: 100%)
http://49.232.55.153/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://173.249.196.234/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
http://192.168.208.130:9999/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://62.234.27.204/download/20/zo2xy7a4bowu | Cobalt Strike botnet C2 (confidence level: 100%)
http://154.92.14.6/load | Cobalt Strike botnet C2 (confidence level: 100%)
https://47.236.185.166/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://www.microsoftonline.info:8443/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://8.220.200.34:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://95.217.242.90/ | Vidar botnet C2 (confidence level: 100%)
https://195.201.47.150:5432/ | Vidar botnet C2 (confidence level: 100%)
http://202.144.192.44/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://38.6.178.161/api/get | Cobalt Strike botnet C2 (confidence level: 100%)
http://123.56.226.153:9999/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://24.199.107.111/index.php/88746289041 | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
IP destination and port
IP | Port | Description
---|---|---
77.221.137.22 | 443 | Rhadamanthys botnet C2 server (confidence level: 100%)
47.242.231.229 | 65503 | DCRat botnet C2 server (confidence level: 100%)
51.68.169.77 | 443 | DCRat botnet C2 server (confidence level: 100%)
89.105.201.98 | 591 | DCRat botnet C2 server (confidence level: 100%)
179.13.0.175 | 5556 | NjRAT botnet C2 server (confidence level: 75%)
1.15.247.249 | 2096 | Cobalt Strike botnet C2 server (confidence level: 100%)
51.79.87.4 | 8732 | Mirai botnet C2 server (confidence level: 75%)
116.203.15.18 | 443 | Vidar botnet C2 server (confidence level: 100%)
167.71.105.169 | 443 | Havoc botnet C2 server (confidence level: 50%)
47.245.38.152 | 443 | Havoc botnet C2 server (confidence level: 50%)
47.236.151.19 | 443 | Havoc botnet C2 server (confidence level: 50%)
167.172.246.65 | 80 | Havoc botnet C2 server (confidence level: 50%)
167.172.246.65 | 443 | Havoc botnet C2 server (confidence level: 50%)
8.140.193.181 | 8443 | Havoc botnet C2 server (confidence level: 50%)
97.118.50.67 | 993 | QakBot botnet C2 server (confidence level: 50%)
188.126.90.3 | 5000 | DCRat botnet C2 server (confidence level: 50%)
51.116.96.182 | 4000 | DCRat botnet C2 server (confidence level: 50%)
46.246.14.9 | 6000 | DCRat botnet C2 server (confidence level: 50%)
179.13.2.154 | 2230 | DCRat botnet C2 server (confidence level: 50%)
111.223.247.163 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
101.200.214.198 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
121.36.61.185 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
101.200.160.159 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
194.87.236.115 | 80 | Unknown malware botnet C2 server (confidence level: 50%)
106.54.222.22 | 80 | Unknown malware botnet C2 server (confidence level: 50%)
38.89.76.175 | 61915 | Bashlite botnet C2 server (confidence level: 75%)
166.88.61.185 | 606 | Bashlite botnet C2 server (confidence level: 75%)
91.92.253.58 | 23 | Bashlite botnet C2 server (confidence level: 75%)
91.92.240.123 | 999 | Bashlite botnet C2 server (confidence level: 75%)
45.148.244.74 | 839 | Bashlite botnet C2 server (confidence level: 75%)
94.156.8.110 | 80 | MooBot botnet C2 server (confidence level: 100%)
14.225.219.227 | 80 | MooBot botnet C2 server (confidence level: 100%)
23.95.254.136 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.92.242.187 | 55555 | Mirai botnet C2 server (confidence level: 75%)
79.137.192.4 | 80 | AMOS botnet C2 server (confidence level: 100%)
93.123.85.100 | 1337 | Mirai botnet C2 server (confidence level: 100%)
141.98.10.76 | 59666 | Mirai botnet C2 server (confidence level: 100%)
89.185.84.115 | 23 | Mirai botnet C2 server (confidence level: 100%)
45.61.141.168 | 35228 | RedLine Stealer botnet C2 server (confidence level: 100%)
202.144.192.44 | 53 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.204.177.133 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.204.177.133 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.37.237.168 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.236.185.166 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
95.217.242.90 | 443 | Vidar botnet C2 server (confidence level: 100%)
195.201.47.150 | 5432 | Vidar botnet C2 server (confidence level: 100%)
202.144.192.44 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
213.195.121.48 | 5001 | AsyncRAT botnet C2 server (confidence level: 80%)
72.203.198.245 | 8009 | Xtreme RAT botnet C2 server (confidence level: 80%)
174.75.184.124 | 2083 | Xtreme RAT botnet C2 server (confidence level: 80%)
66.50.11.141 | 1800 | Remcos botnet C2 server (confidence level: 80%)
94.98.197.28 | 3460 | Poison Ivy botnet C2 server (confidence level: 80%)
207.180.230.175 | 9443 | Havoc botnet C2 server (confidence level: 80%)
3.105.98.157 | 443 | Havoc botnet C2 server (confidence level: 80%)
212.113.106.100 | 31337 | Sliver botnet C2 server (confidence level: 50%)
137.220.197.178 | 80 | Havoc botnet C2 server (confidence level: 80%)
116.177.245.48 | 4505 | Deimos botnet C2 server (confidence level: 50%)
43.129.31.231 | 8858 | DCRat botnet C2 server (confidence level: 80%)
88.214.59.115 | 8848 | DCRat botnet C2 server (confidence level: 80%)
202.95.23.39 | 5555 | DCRat botnet C2 server (confidence level: 80%)
95.172.23.98 | 8848 | DCRat botnet C2 server (confidence level: 80%)
185.62.57.235 | 445 | Responder botnet C2 server (confidence level: 50%)
46.246.84.3 | 7000 | DCRat botnet C2 server (confidence level: 80%)
62.1.168.180 | 995 | QakBot botnet C2 server (confidence level: 50%)
94.156.10.201 | 8848 | DCRat botnet C2 server (confidence level: 80%)
86.22.67.194 | 443 | QakBot botnet C2 server (confidence level: 50%)
103.186.108.212 | 8848 | DCRat botnet C2 server (confidence level: 80%)
216.83.36.247 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
171.41.198.122 | 25565 | DCRat botnet C2 server (confidence level: 80%)
46.246.82.12 | 7000 | DCRat botnet C2 server (confidence level: 80%)
47.93.173.235 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
123.57.137.235 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
47.93.174.136 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
43.128.177.204 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
47.108.204.218 | 8888 | Unknown malware botnet C2 server (confidence level: 50%)
154.40.47.121 | 80 | Unknown malware botnet C2 server (confidence level: 50%)
91.92.252.146 | 80 | Unknown malware botnet C2 server (confidence level: 50%)
92.63.96.171 | 80 | Unknown malware botnet C2 server (confidence level: 50%)
45.128.232.135 | 443 | FAKEUPDATES botnet C2 server (confidence level: 50%)
45.128.232.135 | 80 | FAKEUPDATES botnet C2 server (confidence level: 50%)
38.92.40.19 | 8081 | RisePro botnet C2 server (confidence level: 80%)
45.61.139.225 | 8081 | RisePro botnet C2 server (confidence level: 80%)
104.21.67.23 | 80 | MintStealer botnet C2 server (confidence level: 80%)
172.67.211.144 | 443 | MintStealer botnet C2 server (confidence level: 80%)
104.21.96.39 | 80 | MintStealer botnet C2 server (confidence level: 80%)
Domain
Value | Description
---|---
kuailianv.com | DCRat botnet C2 domain (confidence level: 100%)
winarkamaps.com | Unidentified 111 (Latrodectus) botnet C2 domain (confidence level: 75%)
stratimasesstr.com | Unidentified 111 (Latrodectus) botnet C2 domain (confidence level: 75%)
boom.baiduboomboom.tk | Cobalt Strike botnet C2 domain (confidence level: 100%)
emv1.ib-comm-gateway.com | Mirai botnet C2 domain (confidence level: 100%)
zhudaji.com | Mirai botnet C2 domain (confidence level: 100%)
rubiconviewer.buzz | Mirai botnet C2 domain (confidence level: 100%)
hatsune.network | Mirai botnet C2 domain (confidence level: 100%)
int.hatsune.network | Mirai botnet C2 domain (confidence level: 100%)
dsbr.cam | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%)
jswl.vipsf888.com | MooBot botnet C2 domain (confidence level: 100%)
ns1.fdsagwagfdsba.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%)
baidu.freemetb.top | Cobalt Strike botnet C2 domain (confidence level: 100%)
7b7cd24ea6f08b711cf4053beac43cc5.melonhack.top | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.microsoftonline.info | Cobalt Strike botnet C2 domain (confidence level: 100%)
Threat ID: 6828eab9e1a0c275ea6e3070
Added to database: 5/17/2025, 7:59:53 PM
Last enriched: 7/3/2025, 6:55:15 AM
Last updated: 8/14/2025, 6:02:41 PM