################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2024-03-28 16:20:06 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2024-03-28 16:20:06", "1250836", "muratinue.com", "domain", "botnet_cc", "win.icedid_downloader", "None", "IcedID Downloader", "", "75", "https://bazaar.abuse.ch/sample/9b5498c5c240818198e2eea9d9b8dce18273ea24b167882c9efc030e2643f127/", "icedid", "0", "abuse_ch"
"2024-03-28 16:20:06", "1250835", "cowspidzu.pro", "domain", "botnet_cc", "win.icedid_downloader", "None", "IcedID Downloader", "", "75", "https://bazaar.abuse.ch/sample/9b5498c5c240818198e2eea9d9b8dce18273ea24b167882c9efc030e2643f127/", "icedid", "0", "abuse_ch"
"2024-03-28 16:20:05", "1250834", "certifacto.com", "domain", "botnet_cc", "win.icedid_downloader", "None", "IcedID Downloader", "", "75", "https://bazaar.abuse.ch/sample/9b5498c5c240818198e2eea9d9b8dce18273ea24b167882c9efc030e2643f127/", "icedid", "0", "abuse_ch"
"2024-03-28 16:20:04", "1250833", "bladisuka.red", "domain", "botnet_cc", "win.icedid_downloader", "None", "IcedID Downloader", "", "75", "https://bazaar.abuse.ch/sample/9b5498c5c240818198e2eea9d9b8dce18273ea24b167882c9efc030e2643f127/", "icedid", "0", "abuse_ch"
"2024-03-28 12:59:48", "1250609", "service-ps16whvt-1304800271.sh.tencentapigw.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2024-03-28 06:48:02", "1250356", "gammaproject.dev", "domain", "botnet_cc", "win.matanbuchus", "None", "Matanbuchus", "2024-03-28 17:24:02", "50", "https://tracker.viriback.com/index.php?q=gammaproject.dev", "Matanbuchus,ViriBack", "0", "abuse_ch"
"2024-03-28 06:30:52", "1250294", "results-outdoors.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab"
"2024-03-27 21:05:50", "1250239", "alexanderalbie.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-03-27 21:05:50", "1250238", "suggst.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-03-27 21:05:50", "1250237", "hepialid.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-03-27 21:05:50", "1250236", "pvasms.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-03-27 21:05:50", "1250235", "alexanderarthur.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-03-27 18:32:10", "1250216", "prior-gently.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab"
"2024-03-27 17:28:08", "1250212", "cdn-aws-amazon.nbcnews.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:43:01", "100", "None", "CobaltStrike,cs-watermark-666666666,TERAEXCH", "0", "drb_ra"
"2024-03-27 15:17:57", "1250160", "www.feekstokandy.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:57", "1250161", "www.nemchaprues.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:56", "1250162", "www.fustindor.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:56", "1250163", "www.trondisaup.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:56", "1250164", "www.trentimarsop.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:55", "1250165", "www.carsruitkan.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:55", "1250166", "www.boskajean.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:55", "1250167", "www.triopahom.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:55", "1250168", "www.illboardinj.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:54", "1250172", "www.skansnekssky.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:54", "1250171", "www.dionaolesjob.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:54", "1250170", "www.minesotkarpid.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:54", "1250169", "www.transautomanf.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:53", "1250173", "www.kevinbrawiewu.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:52", "1250174", "www.troffyfrutlot.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:52", "1250175", "www.skazifrant.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:52", "1250176", "www.neelsmagofter.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:51", "1250177", "www.qtargumanikar.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:51", "1250178", "www.strastkamenhoop.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:50", "1250179", "www.lergochatep.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:50", "1250180", "www.clainsrimauto.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:50", "1250181", "www.kaspimension.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:49", "1250182", "www.askamoshopsi.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:48", "1250183", "www.majzolimka.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:48", "1250184", "www.spakernakurs.com", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-03-27 15:18:20", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:47", "1250186", "adobeshare.blog", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "", "icedid", "0", "embee_research"
"2024-03-27 15:17:47", "1250185", "adobeshare.info", "domain", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "", "icedid", "0", "embee_research"
"2024-03-27 14:42:02", "1250157", "soneypaly.club", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 17:21:02", "75", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-03-27 13:00:45", "1249908", "cs.buidu.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:44:40", "100", "None", "CobaltStrike,cs-watermark-987654321,IDC China Telecommunications Corporation", "0", "drb_ra"
"2024-03-27 12:59:14", "1249901", "tools.trtyr.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:55:35", "100", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2024-03-27 12:58:33", "1249895", "nimappche.buzz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:42:51", "100", "None", "CobaltStrike,cs-watermark-987654321,SonderCloud Limited", "0", "drb_ra"
"2024-03-27 12:58:24", "1249893", "endpointinfrart.azureedge.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:42:58", "100", "None", "CobaltStrike,cs-watermark-391144938,Microsoft Corporation", "0", "drb_ra"
"2024-03-27 12:27:17", "1249888", "mariyel-therapy.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "EpsilonStealer", "0", "Xev"
"2024-03-27 10:13:16", "1249849", "service-2saemj0p-1319375115.bj.apigw.tencentcs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:46:45", "100", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-391144938", "0", "drb_ra"
"2024-03-27 10:10:23", "1249836", "service-20ww8i3o-1300612713.gz.tencentapigw.com.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:43:20", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2024-03-27 08:55:37", "1249817", "voidc2.xyz", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest"
"2024-03-27 07:57:20", "1249812", "www.flash-update.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:55:19", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-03-27 07:36:50", "1249665", "apijsonparserkit.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@rmceoin/112162545425717808", "KeitaroTDS,SocGholish", "0", "threatcat_ch"
"2024-03-27 07:29:32", "1249760", "withupdate.com", "domain", "botnet_cc", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "100", "https://tria.ge/240326-sjtz6aga2x/behavioral1", "admin888,c2,DarkGate", "0", "DonPasci"
"2024-03-27 07:29:32", "1249759", "backupitfirst.com", "domain", "botnet_cc", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "100", "https://tria.ge/240326-v9zz7sag9v", "ADMIN888,c2,DarkGate", "0", "DonPasci"
"2024-03-27 07:29:30", "1249736", "arku.xyz", "domain", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab"
"2024-03-27 07:29:28", "1249734", "usersync.tiqcdn.net", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@Nzc2ZjZjNjY/112162185914720035", "SocGholish", "0", "threatcat_ch"
"2024-03-26 20:46:56", "1249740", "g.fyss888.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-28 13:56:17", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra"
# Number of entries: 57