ThreatFox Mirai CobaltStrike Raccoon IcedID IOCs for 2022-10-02

ThreatFox is a free platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.

Event ID: 4011
UUID: c247795b-f71a-493e-8f1d-60facce9f31f
Creator org: abuse.ch
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: type:OSINT, tlp:white
Date: 2022-10-02
Threat Level: Medium
Analysis: Ongoing
Distribution: Your organisation only
Warnings: Distribution: The event is tagged as tlp:white, yet the distribution is not set to all. Change the distribution setting to something more lax if you wish for the event to propagate further.
Published: Yes (2022-10-03 21:00:41)
#Attributes: 96 (0 Objects)
First recorded change: 2022-10-02 00:30:36
Last change: 2022-10-03 00:03:04
Sightings: 0 (0), restricted to own organisation only.


Related Events (org: event, date, number of correlating attributes)

LUNCHBOX: Telnet Bruteforce IPs feed, 2022-10-03, 1
LUNCHBOX: threatfox indicators of compromise feed, 2022-10-03, 96
abuse.ch: ThreatFox IOCs for 2022-10-01, 2022-10-01, 2
DIGITALSIDE.IT: DigitalSide Malware report: MD5: af0e8bb81c5849d670fd25111c45aac7, 2022-09-30, 1
DIGITALSIDE.IT: DigitalSide Malware report: MD5: 43db6e837cc3b2ea162d4a8962ea1b59, 2022-09-30, 1
DIGITALSIDE.IT: DigitalSide Malware report: MD5: 3c86f6818789c75bf2ee32fe0c9003b3, 2022-09-30, 1
DIGITALSIDE.IT: DigitalSide Malware report: MD5: a85b828e34a3d5418e6efbbeb41b6329, 2022-09-30, 1
DIGITALSIDE.IT: DigitalSide Malware report: MD5: 6c7a2f1811c8e52d4b5cb67f7cce714c, 2022-09-29, 1
abuse.ch: ThreatFox IOCs for 2022-09-25, 2022-09-25, 1
LUNCHBOX: Feodo IP Blocklist feed, 2022-09-21, 1
(3 more related events are not shown on this page)


4011: ThreatFox IOCs for 2022-10-02


Attributes (60 of the event's 96 attributes are visible on this page)

Every row shares Date 2022-10-02, Category Network activity, Distribution Inherit and Sightings 0/0/0, so those columns are omitted below. Tags are comma-separated; "-" means the attribute carries no tag. Every row correlates with event 3384; where a row also correlates with other events, their IDs are listed too. The confidence level is ThreatFox's own score, carried in the MISP comment field.

Type | Value | Tags | Comment | Related events
ip-dst|port | 45.142.182.116:55650 | Mirai | Mirai botnet C2 server (confidence level: 75%) | 3384
ip-dst|port | 212.46.38.196:443 | - | IcedID botnet C2 server (confidence level: 75%) | 3384
url | http://77.73.133.0/f08fae9af60cb6e9f6e9220405077c8d | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/d9d32ca71a13ea0d6f25e9565a48ad14 | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/f2874d64769d5b840dfc0f84450d31c5 | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/ecbe62d46fd84970e9b750379977394b | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/ | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://45.15.156.31/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://84.246.85.178/ | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
url | http://207.154.195.173/ | raccoon | Raccoon botnet C2 (confidence level: 100%) | 3384
ip-dst|port | 77.73.133.0:80 | raccoon | Raccoon botnet C2 server (confidence level: 100%) | 3384
ip-dst|port | 45.15.156.31:80 | raccoon | Raccoon botnet C2 server (confidence level: 100%) | 3384
ip-dst|port | 84.246.85.178:80 | raccoon | Raccoon botnet C2 server (confidence level: 100%) | 3384
ip-dst|port | 207.154.195.173:80 | raccoon | Raccoon botnet C2 server (confidence level: 100%) | 3384
ip-dst|port | 68.183.116.24:443 | CobaltStrike, DIGITALOCEAN-ASN | Cobalt Strike botnet C2 server (confidence level: 100%) | 3384, 4021
url | https://68.183.116.24/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | CobaltStrike, DIGITALOCEAN-ASN | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
url | https://1.15.67.80/admin/login | CobaltStrike | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
url | http://106.15.202.72:8080/ptj | ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd., CobaltStrike | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
url | http://121.40.99.143:3333/match | ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd., CobaltStrike | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
ip-dst|port | 84.32.128.13:80 | CHERRYSERVERS3-AS, CobaltStrike | Cobalt Strike botnet C2 server (confidence level: 100%) | 3384, 4013
url | http://84.32.128.13/communicate/deny/beziupp7 | CHERRYSERVERS3-AS, CobaltStrike | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
ip-dst|port | 51.195.194.83:22 | Gafgyt | Bashlite botnet C2 server (confidence level: 75%) | 3384
ip-dst|port | 45.138.70.43:3778 | Mirai | Mirai botnet C2 server (confidence level: 75%) | 3383, 3384
ip-dst|port | 45.140.188.33:6989 | Gafgyt | Bashlite botnet C2 server (confidence level: 75%) | 3384, 4021
url | http://5.161.21.185/1142 | Vidar | Vidar botnet C2 (confidence level: 100%) | 3384
domain | guversaksi.com | IcedID | IcedID botnet C2 domain (confidence level: 100%) | 3384
ip-dst|port | 82.115.223.14:4449 | SquirrelsFlow | AsyncRAT botnet C2 server (confidence level: 100%) | 3384
url | https://179.43.156.130:53/activity | CobaltStrike, PLI-AS | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
ip-dst|port | 89.23.96.173:30681 | SquirrelsFlow | RedLine Stealer botnet C2 server (confidence level: 100%) | 3384
ip-dst|port | 77.73.134.13:3660 | SquirrelsFlow | RedLine Stealer botnet C2 server (confidence level: 100%) | 3384
url | http://47.98.234.230:82/push | ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd., CobaltStrike | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
url | http://123.207.98.102:81/api/getit | CobaltStrike | Cobalt Strike botnet C2 (confidence level: 100%) | 3384
ip-dst|port | 45.141.58.37:443 | - | BumbleBee botnet C2 server (confidence level: 75%) | 3384, 1547
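Two things about this table matter when you operationalise it. First, the three MISP types used here (ip-dst|port, url, domain) need different normalisation before they can be compared with telemetry: a url attribute has to be matched on scheme, host, port and path, an ip-dst|port attribute only asserts that one port, and a domain attribute should be compared after lower-casing and stripping any trailing dot. Second, the seven Raccoon DLL URLs repeat the same directory token (an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk) under each of the four Raccoon hosts; those files are the stealer's runtime dependencies (SQLite, Mozilla NSS, the MSVC runtime) fetched from the C2 host, so the ip-dst|port attribute for the host catches the fetch even where the URL itself is not logged. The Python below is an added example, not part of the ThreatFox event or of abuse.ch's tooling: it indexes a constructed subset of the attributes above and matches constructed proxy, connection and DNS records against it. The ip-only fallback with halved confidence is this example's own heuristic, not ThreatFox semantics.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed subset of the attributes listed on this page: (MISP type, value, comment).
ATTRIBUTES = [
    ("ip-dst|port", "45.142.182.116:55650", "Mirai botnet C2 server (confidence level: 75%)"),
    ("ip-dst|port", "212.46.38.196:443", "IcedID botnet C2 server (confidence level: 75%)"),
    ("url", "http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll",
     "Raccoon botnet C2 (confidence level: 100%)"),
    ("ip-dst|port", "77.73.133.0:80", "Raccoon botnet C2 server (confidence level: 100%)"),
    ("url", "https://68.183.116.24/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
     "Cobalt Strike botnet C2 (confidence level: 100%)"),
    ("ip-dst|port", "68.183.116.24:443", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("domain", "guversaksi.com", "IcedID botnet C2 domain (confidence level: 100%)"),
    ("ip-dst|port", "45.141.58.37:443", "BumbleBee botnet C2 server (confidence level: 75%)"),
]

CONFIDENCE_RE = re.compile(r"confidence level: (\d+)%")


def parse_confidence(comment: str) -> int:
    """ThreatFox carries its confidence score in the MISP comment; 0 if absent."""
    m = CONFIDENCE_RE.search(comment)
    return int(m.group(1)) if m else 0


def normalize_url(url: str) -> tuple:
    """(scheme, host, port, path+query) so feed URLs and logged URLs compare equal."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or (443 if scheme == "https" else 80)
    path = p.path or "/"
    if p.query:
        path += "?" + p.query
    return (scheme, p.hostname.lower(), port, path)


@dataclass(frozen=True)
class Hit:
    kind: str        # "url", "domain", "ip:port", or the weaker "ip"
    indicator: str   # the feed value that matched
    comment: str
    confidence: int


class IocIndex:
    """Exact-match lookup tables for the three attribute types present in the event."""

    def __init__(self, attributes):
        self.urls, self.domains, self.ip_ports, self.ips = {}, {}, {}, {}
        for typ, value, comment in attributes:
            conf = parse_confidence(comment)
            if typ == "url":
                self.urls[normalize_url(value)] = Hit("url", value, comment, conf)
            elif typ == "domain":
                self.domains[value.lower().rstrip(".")] = Hit("domain", value, comment, conf)
            elif typ == "ip-dst|port":
                ip, port = value.rsplit(":", 1)
                self.ip_ports[(ip, int(port))] = Hit("ip:port", value, comment, conf)
                # One entry per IP for the degraded "same host, other port" fallback
                # (halved confidence is this example's heuristic, not a ThreatFox rule).
                self.ips.setdefault(ip, Hit("ip", value, comment, conf // 2))
            # Other MISP types (md5, sha256, ...) do not occur on this page and are skipped.


def match_event(index: IocIndex, event: dict) -> list:
    """Hits for one log record, most specific first.

    Recognised keys (all optional): url, host (queried or SNI name), dst_ip, dst_port.
    """
    hits = []
    if event.get("url"):
        hit = index.urls.get(normalize_url(event["url"]))
        if hit:
            hits.append(hit)
    host = (event.get("host") or "").lower().rstrip(".")
    if host in index.domains:
        hits.append(index.domains[host])
    ip, port = event.get("dst_ip"), event.get("dst_port")
    if ip is not None and port is not None and (ip, int(port)) in index.ip_ports:
        hits.append(index.ip_ports[(ip, int(port))])
    elif ip in index.ips:
        hits.append(index.ips[ip])
    return hits


def scan(events, index: IocIndex) -> list:
    """(position, hits) for every record that matched at least one indicator."""
    results = []
    for pos, event in enumerate(events):
        hits = match_event(index, event)
        if hits:
            results.append((pos, hits))
    return results


# Constructed sample telemetry (proxy, connection and DNS records), not real logs.
SAMPLE_EVENTS = [
    {"ts": "2022-10-02T08:14:03Z", "src_ip": "10.1.2.3", "dst_ip": "77.73.133.0", "dst_port": 80,
     "url": "http://77.73.133.0/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"},
    {"ts": "2022-10-02T08:20:41Z", "src_ip": "10.1.2.3", "dst_ip": "45.141.58.37", "dst_port": 8443},
    {"ts": "2022-10-02T09:02:17Z", "src_ip": "10.1.2.9", "dst_ip": "10.1.0.53", "dst_port": 53,
     "host": "guversaksi.com."},
    {"ts": "2022-10-02T09:05:00Z", "src_ip": "10.1.2.9", "dst_ip": "93.184.216.34", "dst_port": 443,
     "url": "https://example.com/"},
]

if __name__ == "__main__":
    index = IocIndex(ATTRIBUTES)
    for pos, hits in scan(SAMPLE_EVENTS, index):
        ev = SAMPLE_EVENTS[pos]
        for h in hits:
            print(f"{ev['ts']} {ev['src_ip']} -> {h.kind:7} {h.indicator} [{h.confidence}%] {h.comment}")
```

The first sample record produces two hits (the exact Raccoon URL and the 77.73.133.0:80 server attribute), the second only the degraded ip hit because 8443 is not the port the feed asserts for 45.141.58.37, the third a domain hit from the DNS name despite the trailing dot, and the benign fourth record none. When you load the real event rather than this subset, pull the attributes from MISP's JSON or CSV export instead of transcribing them, and keep the confidence score with each hit so that the 75% Mirai and BumbleBee entries can be routed differently from the 100% ones.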