ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://2pxsdtxngssu3vqqujdfgu4bsmlkp3d2ytctawznlhhez6tq57wzpzqd.onion:55314/.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1346065
IOC:	https://2pxsdtxngssu3vqqujdfgu4bsmlkp3d2ytctawznlhhez6tq57wzpzqd.onion:55314/
IOC Type :	url
Threat Type :	botnet_cc
Malware:	SmokeLoader
Malware alias:	Dofoil, Sharik, Smoke, Smoke Loader
Confidence Level :	Confidence level is moderate (49%)
Is compromised? :	False
First seen:	2024-11-20 05:51:01 UTC
Last seen:	2024-11-29 15:54:42 UTC
UUID:	8f7f6401-a6b6-11ef-91ae-42010aa4000a
Reporter	johannes
Reward	5 credits from ThreatFox
Reference:	https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and

johannes

C2 server domain, from the ZScaler report "Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms". See all IOC from that report at https://rosti.bin.re/reports/H05mRfyR