ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://originupdate.azurewebsites.net/api/getupdate.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:866167
IOC: https://originupdate.azurewebsites.net/api/getupdate
IOC Type :url
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level : Confidence level is high (100%)
First seen:2022-10-03 11:50:45 UTC
Last seen:never
UUID:9d54ab64-4311-11ed-80c0-42010aa4000a
Reporter drb_ra
Reward 5 credits from ThreatFox
Tags:CobaltStrike MICROSOFT-CORP-MSN-AS-BLOCK

Avatar
drb_ra
Cobalt Strike Server Found
C2: HTTPS @ 20[.]249[.]90[.]67:443
C2 Server: originupdate[.]azurewebsites[.]net,/api/getupdate
POST URI: /api/feedback
Country: South Korea
ASN: MICROSOFT-CORP-MSN-AS-BLOCK