ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://ultroawest.com/live/.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1301615
IOC:	https://ultroawest.com/live/
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Unidentified 111 (Latrodectus)
Malware alias:	BLACKWIDOW, IceNova, Latrodectus, Lotus
Confidence Level :	Confidence level is moderate (49%)
Is compromised? :	False
ASN:	AS63949 AKAMAI-LINODE-AP
Country:	US
First seen:	2024-07-16 10:37:39 UTC
Last seen:	2024-11-29 13:57:45 UTC
UUID:	69b69ac2-4354-11ef-ae0a-42010aa4000a
Reporter	johannes
Reward	5 credits from ThreatFox
Tags:	RATel
Reference:	https://blog.reveng.ai/latrodectus-distribution-via-brc4/

johannes

Latrodectus C2 Endpoint, from the RevEng.ai report "Latrodectus Affiliate Resumes Operations Using Brute Ratel C4 Post Operation Endgame". See all IOC from that report at https://rosti.bin.re/reports/MGvMuB81