ThreatFox IOCs for 2024-04-10
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related intelligence report titled 'ThreatFox IOCs for 2024-04-10,' originating from the ThreatFox platform, which specializes in sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the distribution or delivery of malicious payloads potentially observable through network traffic analysis. However, the report lacks specific details about affected software versions, vulnerabilities exploited, or concrete indicators such as hashes, IP addresses, or domains. The absence of known exploits in the wild and the lack of patch availability suggest that this threat intelligence is primarily focused on detection and monitoring rather than an active, widespread exploitation campaign. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores indicating moderate confidence and dissemination. The 'tlp:white' tag implies that the information is intended for broad sharing without restrictions. Overall, this intelligence appears to be a collection of IOCs related to malware activity observed or predicted around April 10, 2024, intended to aid security teams in identifying and mitigating potential threats through OSINT methods and network monitoring tools.
Potential Impact
For European organizations, the impact of this threat is currently assessed as medium due to the lack of specific exploit details or active widespread attacks. The threat's focus on payload delivery and network activity suggests potential risks to confidentiality and integrity if malicious payloads are successfully delivered and executed within organizational networks. However, since no known exploits are reported in the wild and no patches are available, the immediate risk of compromise is limited. European entities relying heavily on network monitoring and OSINT for threat detection may benefit from incorporating these IOCs to enhance situational awareness. The threat could potentially be used as a vector for targeted attacks or espionage, especially against sectors with high-value data or critical infrastructure. The absence of authentication or user interaction requirements in the data limits the assessment, but given the malware classification, some level of user or system interaction might be necessary for payload execution. Overall, the threat poses a moderate risk that could escalate if further exploitation details emerge.
Mitigation Recommendations
1. Integrate the provided ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection capabilities for related network activity and payload delivery attempts.
2. Conduct regular network traffic analysis focusing on anomalies that match the behavioral patterns associated with the reported malware activity, leveraging OSINT feeds to correlate suspicious events.
3. Implement strict network segmentation and least privilege principles to limit the potential spread and impact of any payload delivery within the organizational environment.
4. Enhance endpoint detection and response (EDR) solutions to monitor for unusual process executions or payload behaviors that align with the threat profile.
5. Educate security teams on the importance of OSINT in threat hunting and encourage proactive monitoring of ThreatFox and similar platforms for updated IOCs.
6. Since no patches are available, prioritize hardening of network defenses and timely application of security best practices, including up-to-date antivirus signatures and firewall rules.
7. Establish incident response playbooks that include procedures for analyzing and responding to detections related to these IOCs to minimize dwell time and impact.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: ff6a2b9e-7bd1-4096-b8cb-a068b79063e8
- Original Timestamp: 1712793786
Threat ID: 682acdc2bbaf20d303f183a9
Added to database: 5/19/2025, 6:20:50 AM
Last enriched: 6/18/2025, 9:21:11 AM
Last updated: 8/18/2025, 12:02:13 AM