ThreatFox IOCs for 2024-05-03
AI Analysis
Technical Summary
This entry is the ThreatFox daily IOC export for 2024-05-03, published by abuse.ch and imported here as a MISP event (event type 'malware', product tag 'OSINT'; the tag describes the feed, not a vulnerable product). It is not a vulnerability record, so there are no affected software versions, CWE identifiers, patch links or "exploits in the wild" to report: the content is attacker infrastructure. The event metadata follows MISP conventions. Threat level 2 is Medium on MISP's scale of 1 (High) to 4 (Undefined); analysis 1 marks the event as Ongoing; distribution 3 means the event is shared with all communities. Distribution is a sharing setting and says nothing about how widespread the malware is. TLP:WHITE permits unrestricted redistribution.

The entry is technically specific. It lists 23 command-and-control domains, 112 IP:port pairs and 16 URLs, each labelled with a malware family and the submitter's confidence level. The largest groups are Cobalt Strike team servers (40 IP:port pairs, 16 domains and 13 URLs) and ShadowPad C2 (39 IP:port pairs, all on TCP/443, many in 8.210.x, 8.217.x and 8.218.x Alibaba Cloud space). The remainder covers commodity RATs (Remcos, NjRAT, AsyncRAT, Revenge RAT, LimeRAT, SparkRAT, DCRat), information stealers (RedLine, LokiBot, Loki PWS, DynamicStealer, solarmarker), loaders with a ransomware history (QakBot, IcedID), other post-exploitation frameworks (Sliver, Havoc, Deimos), IoT botnets (Mirai, MooBot, Bashlite), a Socks5 Systemz proxy node, a BianLian C2 and two FAKEUPDATES payload-delivery servers.

Three details matter when operationalising the list. First, the port is part of the indicator: 147.185.221.19 appears with three ports attributed to three different families (N-W0rm, NjRAT, Revenge RAT), and 212.64.24.30 with two, so matching on the bare address would misattribute hits. Second, one URL, http://10.0.0.206/ga.js, points into RFC 1918 space; it can only have been observed inside a private network and is useless as a perimeter block entry, though it remains a valid host-side artefact for endpoint hunting. Third, several addresses sit in shared or fast-churning space: 188.114.97.9 (LokiBot, 80%) falls within Cloudflare's anycast range, so an IP-level block there affects every site fronted by that edge, and many of the Cobalt Strike and ShadowPad addresses are public-cloud instances (54.x, 18.x and 13.x AWS, 47.x and 8.21x.x Alibaba) that are reassigned quickly. Confidence ranges from 50% (Sliver, Havoc, Deimos, QakBot, BianLian, SparkRAT, solarmarker and some "Unknown malware" entries) to 100%, and that value should be carried through into alert severity.
Potential Impact
Because these are C2 endpoints rather than a vulnerability, the impact question is binary: traffic from an organisation's hosts to any of these domains, IP:port pairs or URLs indicates an existing compromise, not exposure to a future one. What that compromise means depends on the family. Cobalt Strike, Sliver, Havoc and ShadowPad are post-exploitation and espionage tooling, so a hit implies hands-on-keyboard access and probable lateral movement. QakBot and IcedID are loaders that have historically staged ransomware. Remcos, NjRAT, AsyncRAT, DCRat and the other RATs give an operator full remote control of the endpoint. RedLine, LokiBot and DynamicStealer exfiltrate credentials, cookies and session tokens, so a hit should trigger credential rotation. Mirai, MooBot and Bashlite point at compromised IoT or Linux devices rather than workstations. The country list below is a tag on this record, not a confirmed victim list; the infrastructure itself is hosted worldwide and the malware families are not region-specific. Indicators at 50% confidence carry a real false-positive risk and should be verified before an automated block; the 100% Cobalt Strike and ShadowPad entries can be blocked outright. The record as a whole is rated Medium, but a confirmed connection to any 100%-confidence post-exploitation C2 should be handled as a high-severity incident.
Mitigation Recommendations
1. Ingest the indicators by type, not as one flat string list: domains into DNS and proxy matching (match the exact name and any subdomain of it, but never the parent zone, since duckdns.org and ply.gg hostnames share infrastructure with legitimate users), IP:port pairs into firewall, NetFlow and EDR network-connection telemetry (match on both address and port), and URLs into proxy logs after normalising scheme, host, default port and path.
2. Drop or quarantine non-routable indicators such as http://10.0.0.206/ga.js before they reach a perimeter blocklist, and review IP-only blocks on shared edges such as 188.114.97.9 (Cloudflare range); keep those for endpoint and proxy-log hunting instead.
3. Retro-hunt: run the list against at least the preceding 30 days of DNS, proxy, NetFlow and EDR data, not only new traffic, because C2 infrastructure is normally active before it is reported.
4. Weight alerts by the feed's confidence level and by family. A 100% Cobalt Strike, ShadowPad, Sliver or Havoc hit goes straight to incident response; a 50% entry is corroborated first (passive DNS, TLS certificate, sandbox detonation) and only then blocked.
5. Automate ingestion from ThreatFox's export feeds or API so daily events arrive without manual copy-paste, and expire indicators on a schedule: the cloud addresses in this list change hands quickly and stale blocks produce false positives.
6. Treat the 'OSINT' product tag as a description of the feed, not of a vulnerable product; there is nothing to patch. Train analysts to read the record as infrastructure intelligence and to pivot from a hit to the named family's known tactics.
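The following script is an added example for this page and is not code from ThreatFox, abuse.ch or MISP. It puts the recommendations above into practice: it types a handful of indicators copied from the tables on this page (the export's "file" and "hash" rows are really address and port, and are treated as ip:port), refuses the RFC 1918 URL so it cannot reach a blocklist, matches domains by exact name or subdomain without walking up to the parent zone, matches IP:port pairs on both fields, normalises URLs before comparison, and then runs constructed DNS, NetFlow and proxy log lines through the result. The log format, the client addresses and the 8080 and index.html traffic are assumptions made for the demonstration.

```python
"""Run a ThreatFox daily export against local telemetry. Added example for this page, not
ThreatFox/abuse.ch/MISP code; IOCs copied from the tables above, log lines constructed."""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

RAW_IOCS = [  # (type, value, family) from this page; "file"/"hash" rows are really ip:port
    ("domain", "c2.sns-labs.net", "Cobalt Strike"),
    ("domain", "quickdatenight.duckdns.org", "Remcos"),
    ("ip:port", "212.64.24.30:18080", "Cobalt Strike"),
    ("ip:port", "212.64.24.30:443", "Cobalt Strike"),
    ("ip:port", "8.218.244.117:443", "ShadowPad"),
    ("url", "http://10.0.0.206/ga.js", "Cobalt Strike"),  # RFC 1918: never blocklist
    ("url", "http://207.148.109.8:443/ptj", "Cobalt Strike"),
]
SAMPLE_LOGS = [  # constructed, "<time> <source> key=value ..."
    "2024-05-03T10:00:01Z dns client=192.168.1.10 query=quickdatenight.duckdns.org",
    "2024-05-03T10:00:02Z dns client=192.168.1.11 query=mail.duckdns.org",
    "2024-05-03T10:00:03Z dns client=192.168.1.12 query=WWW.C2.SNS-LABS.NET.",
    "2024-05-03T10:00:04Z flow src=192.168.1.10 dst=212.64.24.30:443",
    "2024-05-03T10:00:05Z flow src=192.168.1.13 dst=212.64.24.30:8080",
    "2024-05-03T10:00:06Z proxy client=192.168.1.14 url=http://207.148.109.8:443/ptj",
    "2024-05-03T10:00:07Z proxy client=192.168.1.15 url=https://8.218.244.117/index.html",
    "2024-05-03T10:00:08Z proxy client=192.168.1.16 url=http://10.0.0.206/ga.js",
]
DEFAULT_PORTS = {"http": 80, "https": 443}

@dataclass
class IocSet:
    domains: dict = field(default_factory=dict)   # fqdn -> family
    sockets: dict = field(default_factory=dict)   # (ip, port) -> family
    urls: dict = field(default_factory=dict)      # normalised url -> family
    rejected: list = field(default_factory=list)  # (value, reason)

def is_routable(host):
    """True/False for an IP literal, None when host is a name."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return None

def normalise_url(url):
    """Canonical form so http://h:80/x and http://h/x compare equal."""
    p = urlsplit(url)
    port = p.port or DEFAULT_PORTS.get(p.scheme.lower(), 0)
    return f"{p.scheme.lower()}://{(p.hostname or '').rstrip('.')}:{port}{p.path or '/'}"

def load_iocs(raw):
    """Type each indicator; refuse ones that would poison a blocklist."""
    s = IocSet()
    for kind, value, family in raw:
        if kind == "domain":
            s.domains[value.lower().rstrip(".")] = family
        elif kind == "ip:port":
            ip, _, port = value.rpartition(":")
            if not is_routable(ip):
                s.rejected.append((value, "non-routable address"))
                continue
            s.sockets[(ip, int(port))] = family
        elif kind == "url":
            if is_routable(urlsplit(value).hostname or "") is False:
                s.rejected.append((value, "non-routable address"))
                continue
            s.urls[normalise_url(value)] = family
    return s

def match_domain(name, iocs):
    """Exact or subdomain match; stops before the bare TLD so duckdns.org itself never matches."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        fqdn = ".".join(labels[i:])
        if fqdn in iocs.domains:
            return fqdn, iocs.domains[fqdn]
    return None

def hunt(lines, iocs):
    """Return one dict per log line that touches a known indicator."""
    hits = []
    for line in lines:
        _, source, *kv = line.split()
        f = dict(tok.split("=", 1) for tok in kv)
        hit = None
        if source == "dns":
            m = match_domain(f["query"], iocs)
            hit = ("domain", *m) if m else None
        elif source == "flow":
            ip, _, port = f["dst"].rpartition(":")
            fam = iocs.sockets.get((ip, int(port)))  # port is part of the indicator
            hit = ("ip:port", f["dst"], fam) if fam else None
        elif source == "proxy":
            u, p = normalise_url(f["url"]), urlsplit(f["url"])
            key = (p.hostname or "", p.port or DEFAULT_PORTS.get(p.scheme, 0))
            if u in iocs.urls:
                hit = ("url", u, iocs.urls[u])
            elif key in iocs.sockets:  # not a listed URL, but a listed C2 socket
                hit = ("ip:port", f"{key[0]}:{key[1]}", iocs.sockets[key])
        if hit:
            hits.append({"line": line, "type": hit[0], "indicator": hit[1], "family": hit[2]})
    return hits
```

Running `hunt(SAMPLE_LOGS, load_iocs(RAW_IOCS))` yields five hits (Remcos, Cobalt Strike via subdomain, Cobalt Strike on 212.64.24.30:443, the Cobalt Strike URL, and ShadowPad reached through the proxy on 443) and no hits for mail.duckdns.org, for 212.64.24.30:8080, or for the 10.0.0.206 URL, which `load_iocs` reports under `rejected`. Feeding the full tables below into `RAW_IOCS` is a matter of adding rows; the dict lookups stay constant-time.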
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2 (MISP scale: 1 High, 2 Medium, 3 Low, 4 Undefined)
- Analysis: 1 (MISP: Ongoing)
- Distribution: 3 (MISP: All communities; a sharing level, not a measure of malware spread)
- UUID: ec45e28f-52f3-4b32-87b6-d32b9b5d7760
- Original Timestamp: 1714780988 (2024-05-04 00:03:08 UTC)
Indicators of Compromise
Domain
Value | Description
---|---
c2.sns-labs.net | Cobalt Strike botnet C2 domain (confidence level: 100%)
appxoxo.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
cargillrewards.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
dexhub.pro | Cobalt Strike botnet C2 domain (confidence level: 100%)
gp.miaoys.cc | Cobalt Strike botnet C2 domain (confidence level: 100%)
dcftjs8112.woodensunbeds.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
api.data.nextb.top | Cobalt Strike botnet C2 domain (confidence level: 100%)
77mh.icu | Cobalt Strike botnet C2 domain (confidence level: 100%)
cpcontacts.maasssa.duckdns.org | Cobalt Strike botnet C2 domain (confidence level: 100%)
test2.tcash.sigmacomp.pl | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.binarycode.vip | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.appxoxo.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
empames.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.paamsa.duckdns.org | Cobalt Strike botnet C2 domain (confidence level: 100%)
tkanilux.com.ua | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%)
reviews-christians.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%)
quickdatenight.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
laitheliar.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
minuoddos.xyz | MooBot botnet C2 domain (confidence level: 100%)
investment.kumbaraan.biz.id | Cobalt Strike botnet C2 domain (confidence level: 100%)
cecilio.one | Mirai botnet C2 domain (confidence level: 100%)
bobs.kraken11op.ru | Mirai botnet C2 domain (confidence level: 100%)
support.popuiarenlinea.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
IP:port
Each entry is a C2 address together with its port; the port is part of the indicator, and the same address appears more than once where ThreatFox lists different ports (or different families) for it.
Value | Description
---|---
103.40.161.161:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.6.193.9:3588 | Cobalt Strike botnet C2 server (confidence level: 100%)
24.144.96.216:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
59.110.91.44:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.205.59.212:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.255.171.65:81 | Cobalt Strike botnet C2 server (confidence level: 100%)
110.41.184.136:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.152.115.131:4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
62.234.180.14:8089 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.91.127.221:1340 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.120.16.255:7000 | Cobalt Strike botnet C2 server (confidence level: 100%)
20.41.84.113:8089 | Cobalt Strike botnet C2 server (confidence level: 100%)
188.116.22.177:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.92.245.12:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.96.252.193:5555 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.12.53.231:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
36.111.191.33:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
212.64.24.30:18080 | Cobalt Strike botnet C2 server (confidence level: 100%)
212.64.24.30:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
119.45.21.247:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.115.215.30:6666 | Cobalt Strike botnet C2 server (confidence level: 100%)
114.55.116.176:6000 | Cobalt Strike botnet C2 server (confidence level: 100%)
120.78.3.11:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.75.102:15478 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.57.205.182:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.57.205.182:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
18.167.36.79:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
18.167.36.79:6443 | Cobalt Strike botnet C2 server (confidence level: 100%)
180.210.220.75:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.234.54.136:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
147.135.211.38:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.181.57.174:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.43.43.245:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
13.212.24.201:81 | Cobalt Strike botnet C2 server (confidence level: 100%)
18.162.61.95:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.6.193.10:3588 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.150.10.45:9443 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.198.227.90:8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
194.36.178.33:37732 | RedLine Stealer botnet C2 server (confidence level: 100%)
147.185.221.19:33587 | N-W0rm botnet C2 server (confidence level: 100%)
147.185.221.19:42294 | NjRAT botnet C2 server (confidence level: 75%)
193.142.146.21:2404 | Remcos botnet C2 server (confidence level: 100%)
185.234.67.47:4047 | Remcos botnet C2 server (confidence level: 100%)
172.111.244.68:4047 | Remcos botnet C2 server (confidence level: 100%)
94.156.71.74:666 | Bashlite botnet C2 server (confidence level: 75%)
193.3.19.136:31337 | Sliver botnet C2 server (confidence level: 50%)
193.3.19.136:8443 | Sliver botnet C2 server (confidence level: 50%)
77.37.43.47:7443 | Unknown malware botnet C2 server (confidence level: 50%)
39.185.245.204:4505 | Deimos botnet C2 server (confidence level: 50%)
147.45.136.226:443 | Havoc botnet C2 server (confidence level: 50%)
217.165.15.83:443 | QakBot botnet C2 server (confidence level: 50%)
139.59.110.64:80 | Unknown malware botnet C2 server (confidence level: 50%)
198.98.59.177:8848 | MooBot botnet C2 server (confidence level: 75%)
8.218.244.117:443 | ShadowPad botnet C2 server (confidence level: 100%)
103.158.190.167:443 | ShadowPad botnet C2 server (confidence level: 100%)
47.242.52.22:443 | ShadowPad botnet C2 server (confidence level: 100%)
193.56.255.142:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.210.4.242:443 | ShadowPad botnet C2 server (confidence level: 100%)
38.60.193.62:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.210.167.64:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.210.134.47:443 | ShadowPad botnet C2 server (confidence level: 100%)
139.180.208.107:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.210.174.168:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.17.11:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.217.84.192:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.163.77:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.248.158:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.56.204:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.217.76:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.217.0.193:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.217.96.167:443 | ShadowPad botnet C2 server (confidence level: 100%)
94.131.110.28:443 | ShadowPad botnet C2 server (confidence level: 100%)
64.176.8.105:443 | ShadowPad botnet C2 server (confidence level: 100%)
128.14.105.154:443 | ShadowPad botnet C2 server (confidence level: 100%)
45.116.78.250:443 | ShadowPad botnet C2 server (confidence level: 100%)
146.70.157.115:443 | ShadowPad botnet C2 server (confidence level: 100%)
45.32.115.37:443 | ShadowPad botnet C2 server (confidence level: 100%)
207.148.95.161:443 | ShadowPad botnet C2 server (confidence level: 100%)
185.167.61.21:443 | ShadowPad botnet C2 server (confidence level: 100%)
164.215.103.248:443 | ShadowPad botnet C2 server (confidence level: 100%)
173.199.71.24:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.217.107.25:443 | ShadowPad botnet C2 server (confidence level: 100%)
47.243.60.4:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.210.168.192:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.193.197:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.210.74.92:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.128.35:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.218.213.245:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.210.221.119:443 | ShadowPad botnet C2 server (confidence level: 100%)
45.159.250.235:443 | ShadowPad botnet C2 server (confidence level: 100%)
185.81.114.45:443 | ShadowPad botnet C2 server (confidence level: 100%)
8.217.122.135:443 | ShadowPad botnet C2 server (confidence level: 100%)
193.124.41.246:443 | FAKEUPDATES payload delivery server (confidence level: 100%)
37.120.235.122:2269 | Remcos botnet C2 server (confidence level: 75%)
194.140.198.234:9993 | DynamicStealer botnet C2 server (confidence level: 100%)
101.99.93.222:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
217.138.215.79:80 | solarmarker botnet C2 server (confidence level: 50%)
207.148.109.8:443 | Unknown malware botnet C2 server (confidence level: 100%)
109.120.133.115:443 | FAKEUPDATES payload delivery server (confidence level: 100%)
142.171.104.108:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.218.228.15:60478 | BianLian botnet C2 server (confidence level: 50%)
68.168.211.94:2052 | SparkRAT botnet C2 server (confidence level: 50%)
89.105.201.183:2023 | Socks5 Systemz botnet C2 server (confidence level: 80%)
185.107.56.48:443 | LimeRAT botnet C2 server (confidence level: 100%)
99.83.190.128:443 | Deimos botnet C2 server (confidence level: 50%)
51.15.225.131:40056 | Havoc botnet C2 server (confidence level: 50%)
139.59.110.64:8888 | Unknown malware botnet C2 server (confidence level: 50%)
144.76.71.93:313 | AsyncRAT botnet C2 server (confidence level: 100%)
147.185.221.19:39717 | Revenge RAT botnet C2 server (confidence level: 100%)
146.19.143.134:443 | IcedID botnet C2 server (confidence level: 75%)
109.120.178.235:26632 | RedLine Stealer botnet C2 server (confidence level: 100%)
188.114.97.9:80 | LokiBot botnet C2 server (confidence level: 80%)
Url
Value | Description
---|---
http://10.0.0.206/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://81.71.127.160:8888/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://investment.kumbaraan.biz.id/dhl | Cobalt Strike botnet C2 (confidence level: 100%)
https://chniabank.com:2083/api/x | Cobalt Strike botnet C2 (confidence level: 100%)
http://207.148.109.8:443/ptj | Cobalt Strike botnet C2 (confidence level: 75%)
http://101.99.93.222/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.96.174.24:8060/p7mi | Cobalt Strike botnet C2 (confidence level: 75%)
http://207.148.109.8:443/sig32.gif | Unknown malware botnet C2 (confidence level: 100%)
http://114.132.62.71:8082/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://support.popuiarenlinea.com/lv | Cobalt Strike botnet C2 (confidence level: 100%)
http://103.234.54.136/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.109.48.193:2345/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://120.25.2.115:8000/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
https://62.204.41.11/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://a0947008.xsph.ru/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%)
http://reallysrv.top/authdefaultdle.php | DCRat botnet C2 (confidence level: 100%)
Threat ID: 682c7ac0e3e6de8ceb761c35
Added to database: 5/20/2025, 12:51:12 PM
Last enriched: 6/19/2025, 1:19:42 PM
Last updated: 8/18/2025, 2:20:34 AM