ThreatFox IOCs for 2024-07-24
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2024-07-24," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under the 'osint' product type, indicating that it primarily involves open-source intelligence data rather than a specific software product or version. No affected software versions or specific vulnerabilities (CWEs) are listed, and there are no patch links or known exploits in the wild associated with this threat at the time of publication. The technical details include a threat level rating of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate distribution or prevalence. The absence of concrete IOCs or detailed technical indicators limits the ability to precisely characterize the malware's behavior, infection vectors, or payload specifics. The threat is tagged with 'type:osint' and 'tlp:white,' indicating that the information is publicly shareable without restrictions. Overall, this appears to be an early-stage or low-profile malware threat identified through open-source intelligence, with limited technical details and no active exploitation reported as of the publication date.
Potential Impact
Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely to be low to medium. However, as malware threats can evolve rapidly, organizations relying on open-source intelligence for threat detection should remain vigilant. Potential impacts could include unauthorized access, data exfiltration, or disruption if the malware were to be deployed effectively. European organizations in sectors with high reliance on OSINT tools or those that integrate such intelligence feeds into their security operations might face increased exposure. The lack of specific affected products or versions reduces the ability to target mitigation efforts precisely, potentially leading to broader but less focused defensive measures. The medium severity rating suggests that while the threat is not currently critical, it warrants monitoring and preparedness to respond if further developments arise.
Mitigation Recommendations
1. Enhance OSINT Monitoring: Organizations should improve their capabilities to monitor open-source intelligence feeds, including ThreatFox, to quickly identify emerging IOCs and adapt defenses accordingly.
2. Integrate Threat Intelligence: Security teams should integrate OSINT-derived IOCs into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enable proactive detection.
3. Conduct Regular Threat Hunting: Proactively search for signs of this malware or related activity within networks, focusing on anomalous behaviors that may not yet be linked to known IOCs.
4. Employee Awareness and Training: Since specific infection vectors are unknown, reinforce general cybersecurity hygiene, including phishing awareness and safe handling of external data sources.
5. Network Segmentation and Least Privilege: Limit the potential spread of malware by enforcing strict network segmentation and minimizing user privileges.
6. Maintain Up-to-Date Security Controls: Ensure antivirus, endpoint protection, and intrusion detection systems are current and configured to detect emerging threats from OSINT sources.
7. Collaborate with National CERTs: Engage with European Computer Emergency Response Teams to receive timely updates and guidance related to this and similar threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 010db76f-9e4e-4759-b95d-d9ede1479b33
- Original Timestamp: 1721865788
Indicators of Compromise
IP address
Value | Description
---|---
31.177.108.53 | RedLine Stealer botnet C2 server (confidence level: 100%)
147.185.221.21 | NjRAT botnet C2 server (confidence level: 75%)
192.169.69.25 | Nanocore RAT botnet C2 server (confidence level: 100%)
94.156.69.174 | Remcos botnet C2 server (confidence level: 100%)
27.25.152.79 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.140.198.146 | Cobalt Strike botnet C2 server (confidence level: 100%)
52.171.219.111 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.135.163.87 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.134.220.29 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.133.239.95 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.223.28.20 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.43.103.253 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.105.200.143 | Cobalt Strike botnet C2 server (confidence level: 100%)
66.42.43.38 | Cobalt Strike botnet C2 server (confidence level: 100%)
97.64.26.63 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.220.19.159 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.40.157.87 | Cobalt Strike botnet C2 server (confidence level: 100%)
175.178.160.167 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.208.158.228 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.148.120.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.96.78.5 | Cobalt Strike botnet C2 server (confidence level: 100%)
106.14.211.58 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.130.83.3 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.185.248.187 | Cobalt Strike botnet C2 server (confidence level: 100%)
118.31.238.130 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.91.14.8 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.116.176.97 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.120.3.50 | Cobalt Strike botnet C2 server (confidence level: 100%)
62.234.42.20 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.236.74.146 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.140.198.146 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.185.248.187 | Cobalt Strike botnet C2 server (confidence level: 100%)
81.70.246.230 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.153.36.151 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.210.135.61 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.93.42 | Cobalt Strike botnet C2 server (confidence level: 100%)
80.76.49.119 | RedLine Stealer botnet C2 server (confidence level: 100%)
45.141.87.124 | SectopRAT botnet C2 server (confidence level: 100%)
213.5.130.58 | Remcos botnet C2 server (confidence level: 49%)
172.104.160.126 | Remcos botnet C2 server (confidence level: 49%)
185.222.58.231 | Nanocore RAT botnet C2 server (confidence level: 100%)
185.222.58.231 | RedLine Stealer botnet C2 server (confidence level: 100%)
185.130.225.203 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
91.242.163.172 | Latrodectus botnet C2 server (confidence level: 75%)
37.48.118.12 | RedLine Stealer botnet C2 server (confidence level: 100%)
94.156.69.39 | STRRAT botnet C2 server (confidence level: 100%)
Port / Hash
Port or hash | Description
---|---
11099 | RedLine Stealer botnet C2 server (confidence level: 100%)
31388 | NjRAT botnet C2 server (confidence level: 75%)
7890 | Nanocore RAT botnet C2 server (confidence level: 100%)
7459 | Remcos botnet C2 server (confidence level: 100%)
7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
7443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
81 | Cobalt Strike botnet C2 server (confidence level: 100%)
8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
1912 | RedLine Stealer botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
443 | Remcos botnet C2 server (confidence level: 49%)
5000 | Remcos botnet C2 server (confidence level: 49%)
7869 | Nanocore RAT botnet C2 server (confidence level: 100%)
55615 | RedLine Stealer botnet C2 server (confidence level: 100%)
80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
443 | Latrodectus botnet C2 server (confidence level: 75%)
f795bfac7c8543e9dc77c7d9a12a75656b61dec4 | Vobfus payload (confidence level: 95%)
a807ac6487f19b91cd6af5b8329c7c2e9fda482b5a738e9e78dd72681c5e2035 | Vobfus payload (confidence level: 95%)
a7a92fe87bdddded0b7862531a31a9b0 | Vobfus payload (confidence level: 95%)
6af52e4d38acab08ee120003a2dd67bfd507c7c7 | SafeNet payload (confidence level: 95%)
a059c482aaffa0b377503f809e76f9614d84a9e6bb9767d58dca9265eb1027e3 | SafeNet payload (confidence level: 95%)
a5c15cf972faa0ef4c3731d1a8e15260 | SafeNet payload (confidence level: 95%)
09657d0b4e0fe365b5f5e32bc548597a5bbdd517 | Sys10 payload (confidence level: 95%)
6eebe67d08930118f2f319754188b288feef58f2def0b44d049609b860165614 | Sys10 payload (confidence level: 95%)
586beb48d4999a199c40131910902db0 | Sys10 payload (confidence level: 95%)
26546 | RedLine Stealer botnet C2 server (confidence level: 100%)
9553 | STRRAT botnet C2 server (confidence level: 100%)
Domain
Value | Description
---|---
insurance-helmet.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%)
sticky.oystergardening.name | FAKEUPDATES payload delivery domain (confidence level: 49%)
denaumtz.com | FAKEUPDATES payload delivery domain (confidence level: 100%)
URL
Value | Description
---|---
https://beatablydoxzcop.shop/api | Lumma Stealer botnet C2 (confidence level: 75%)
http://123.4.203.99:52105/mozi.m | Mozi payload delivery URL (confidence level: 50%)
https://warrantelespsz.shop/api | Lumma Stealer botnet C2 (confidence level: 75%)
http://103.146.22.197:80/ebdr | Cobalt Strike botnet C2 (confidence level: 75%)
http://43.138.44.158:12312/socialapiversion=1.1 | Cobalt Strike botnet C2 (confidence level: 75%)
http://62.234.50.197:6666/dhz7 | Cobalt Strike botnet C2 (confidence level: 75%)
http://192.168.1.211:4433/fidj | Cobalt Strike botnet C2 (confidence level: 75%)
https://denaumtz.com/cdn-vs/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://denaumtz.com/cdn-vs/main.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://denaumtz.com/cdn-vs/22per.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://spliceszongsop.shop/api | Lumma Stealer botnet C2 (confidence level: 75%)
http://192.168.1.11:6667/ekid | Cobalt Strike botnet C2 (confidence level: 75%)
http://192.168.3.4:1000/ca | Cobalt Strike botnet C2 (confidence level: 75%)
http://tgsk.xyz:443/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
https://closedjuruwk.shop/api | Lumma Stealer botnet C2 (confidence level: 75%)
http://8.137.127.73:82/2wqc | Cobalt Strike botnet C2 (confidence level: 75%)
http://120.27.142.96:80/unft | Cobalt Strike botnet C2 (confidence level: 75%)
http://wellsfargocs.ddns.us/1.jpg | Oski Stealer botnet C2 (confidence level: 100%)
http://wellsfargocs.ddns.us/4.jpg | Oski Stealer botnet C2 (confidence level: 100%)
http://wellsfargocs.ddns.us/5.jpg | Oski Stealer botnet C2 (confidence level: 100%)
http://wellsfargocs.ddns.us/7.jpg | Oski Stealer botnet C2 (confidence level: 100%)
http://service-0heq5aek-1325313187.gz.tencentapigw.com.cn:80/bootstrap-2.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
http://192.168.0.237:443/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
http://192.168.52.128:8082/2atv | Cobalt Strike botnet C2 (confidence level: 75%)
http://150.158.75.38:19111/bangumi/play/ep816608 | Cobalt Strike botnet C2 (confidence level: 75%)
http://111.229.181.176:4675/drbnpfh9 | Cobalt Strike botnet C2 (confidence level: 75%)
http://120.26.48.63:4223/o5ud | Cobalt Strike botnet C2 (confidence level: 75%)
http://a1008223.xsph.ru/5df1b3cb.php | DCRat botnet C2 (confidence level: 100%)
http://222.190.151.52:50123/updates.rss | Cobalt Strike botnet C2 (confidence level: 75%)
http://update.micdosoft.top:443/enhb | Cobalt Strike botnet C2 (confidence level: 75%)
http://10.10.3.201:443/z4wx | Cobalt Strike botnet C2 (confidence level: 75%)
http://192.168.132.129:6666/dpixel | Cobalt Strike botnet C2 (confidence level: 75%)
http://36.138.209.232:60443/api-gateway/jpaas-jis-coruser-server/front/coruserlogin/usernamepwd-login.jspx | Cobalt Strike botnet C2 (confidence level: 75%)
http://102bd03.r9.cpolar.top:80/ttil | Cobalt Strike botnet C2 (confidence level: 75%)
http://45.144.136.27:65443/jquery-3.3.2.slim.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
http://107.174.69.116:443/o1ex | Cobalt Strike botnet C2 (confidence level: 75%)
http://service-a0y8baw1-1319935181.bj.apigw.tencentcs.com:443/bootstrap-2.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
http://39.100.86.42:4443/download/20/zo2xy7a4bowu | Cobalt Strike botnet C2 (confidence level: 75%)
http://43.138.15.224:8001/ji5u | Cobalt Strike botnet C2 (confidence level: 75%)
Threat ID: 682b7badd3ddd8cef2ebbf14
Added to database: 5/19/2025, 6:42:53 PM
Last enriched: 6/18/2025, 7:19:50 PM
Last updated: 7/27/2025, 4:09:24 AM