ThreatFox IOCs for 2024-04-10

Medium
Published: Wed Apr 10 2024 (04/10/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-04-10

AI-Powered Analysis

AI analysis last updated: 06/18/2025, 09:21:11 UTC

Technical Analysis

The provided threat information pertains to a malware-related intelligence report titled 'ThreatFox IOCs for 2024-04-10,' originating from the ThreatFox platform, which specializes in sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the distribution or delivery of malicious payloads potentially observable through network traffic analysis. However, the report lacks specific details about affected software versions, vulnerabilities exploited, or concrete indicators such as hashes, IP addresses, or domains. The absence of known exploits in the wild and the lack of patch availability suggest that this threat intelligence is primarily focused on detection and monitoring rather than an active, widespread exploitation campaign. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores indicating moderate confidence and dissemination. The 'tlp:white' tag implies that the information is intended for broad sharing without restrictions. Overall, this intelligence appears to be a collection of IOCs related to malware activity observed or predicted around April 10, 2024, intended to aid security teams in identifying and mitigating potential threats through OSINT methods and network monitoring tools.

Potential Impact

For European organizations, the impact of this threat is currently assessed as medium due to the lack of specific exploit details or active widespread attacks. The threat's focus on payload delivery and network activity suggests potential risks to confidentiality and integrity if malicious payloads are successfully delivered and executed within organizational networks. However, since no known exploits are reported in the wild and no patches are available, the immediate risk of compromise is limited. European entities relying heavily on network monitoring and OSINT for threat detection may benefit from incorporating these IOCs to enhance situational awareness. The threat could potentially be used as a vector for targeted attacks or espionage, especially against sectors with high-value data or critical infrastructure. The absence of authentication or user interaction requirements in the data limits the assessment, but given the malware classification, some level of user or system interaction might be necessary for payload execution. Overall, the threat poses a moderate risk that could escalate if further exploitation details emerge.

Mitigation Recommendations

1. Integrate the provided ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection capabilities for related network activity and payload delivery attempts.
2. Conduct regular network traffic analysis focusing on anomalies that match the behavioral patterns associated with the reported malware activity, leveraging OSINT feeds to correlate suspicious events.
3. Implement strict network segmentation and least privilege principles to limit the potential spread and impact of any payload delivery within the organizational environment.
4. Enhance endpoint detection and response (EDR) solutions to monitor for unusual process executions or payload behaviors that align with the threat profile.
5. Educate security teams on the importance of OSINT in threat hunting and encourage proactive monitoring of ThreatFox and similar platforms for updated IOCs.
6. Since no patches are available, prioritize hardening of network defenses and timely application of security best practices, including up-to-date antivirus signatures and firewall rules.
7. Establish incident response playbooks that include procedures for analyzing and responding to detections related to these IOCs to minimize dwell time and impact.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
ff6a2b9e-7bd1-4096-b8cb-a068b79063e8
Original Timestamp
1712793786

Indicators of Compromise


Threat ID: 682acdc2bbaf20d303f183a9

Added to database: 5/19/2025, 6:20:50 AM

Last enriched: 6/18/2025, 9:21:11 AM

Last updated: 8/18/2025, 12:02:13 AM
