URLhaus Database

You are currently viewing the URLhaus database entry for http://1.94.97.137:8000/cobalt_strike_4.7_www.ddosi.org/cobaltstrike.jar which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2748584
URL:	http://1.94.97.137:8000/cobalt_strike_4.7_www.ddosi.org/cobaltstrike.jar
URL Status:	Offline
Host:	1.94.97.137
Date added:	2024-01-13 06:06:54 UTC
Last online:	2024-01-25 07:XX:XX UTC
Threat:	Malware download
Reporter:	adm1n_usa32
Abuse complaint sent (?):	Yes (2024-01-13 08:36:05 UTC to ipas{at}cnnic[dot]cn)
Takedown time:	11 days, 22 hours, 47 minutes (down since 2024-01-25 07:23:25 UTC)
Tags:	CobaltStrike jar

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT
2024-01-25	n/a	zip	0c902ce2df6616f859337d5262bad20feda402aa2fff6d650c308ceea7c0f765	n/a
2024-01-25	n/a	zip	765adb5b853a950fc70c2596a4c2bd89a07eb715882a86906201e83b6fbe05bb	n/a
2024-01-24	n/a	zip	a55dc36e03b16c79b9037f89ddac4318bf9b2fc113f5b1fb3fa72f3e6f572044	n/a
2024-01-21	n/a	zip	d152c72cb4a157e4c47c21614faba9f97c95a07168a408d22a7bf7c968598467	n/a
2024-01-13	n/a	zip	7794fe069e5166fc40b877f6fbe5b675d6ded7290fc4961058cfffa01b8e0008	55.74%