ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://citactica.com/wp-content/wp-login.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1356251
IOC:	https://citactica.com/wp-content/wp-login.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Amadey
Confidence Level :	Confidence level is moderate (49%)
Is compromised? :	False
ASN:	AS8560 IONOS-AS
Country:	DE
First seen:	2024-12-12 19:47:56 UTC
Last seen:	never
UUID:	3c19b6e3-b89e-11ef-91ae-42010aa4000a
Reporter	johannes
Reward	5 credits from ThreatFox
Tags:	Wipbot
Reference:	https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/

johannes

C2 Survey Tool and Amadey dropper Secret Blizzard April, from the Microsoft report "Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine". See all IOC from that report at https://rosti.bin.re/reports/GcSswmyc