ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://82.147.85.52/Loader.exe.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-04 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1327043
IOC:	http://82.147.85.52/Loader.exe
IOC Type :	url
Threat Type :	botnet_cc
Malware:	RansomHub
Confidence Level :	Confidence level is moderate (49%)
Is compromised? :	False
ASN:	AS57494 ADMAN-AS
Country:	RU
First seen:	2024-09-21 12:08:37 UTC
Last seen:	2024-11-29 15:54:23 UTC
UUID:	eec81c6a-780e-11ef-894b-42010aa4000a
Reporter	johannes
Reward	5 credits from ThreatFox
Reference:	https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html

johannes

C&C Server Address where the Anti-EDR was downloaded, from the Trend Micro report "How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections". See all IOC from that report at https://rosti.bin.re/reports/6be5zFZd