Cobalt Strike - Indicators of Compromise

Last updated: 2026-06-28

C2 Domains (79)

C2 IP Addresses (200)

Malicious URLs (50)

SHA256 Hashes (21)

Data Sources

MalwareBazaar (abuse.ch)
ThreatFox (abuse.ch)
URLhaus (abuse.ch)