ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://okesense.oketheme.com/wp-includes/sodium_compat/sodium_compatT4FF1a.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1356255
IOC:	https://okesense.oketheme.com/wp-includes/sodium_compat/sodium_compatT4FF1a
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Amadey
Confidence Level :	Confidence level is moderate (49%)
Is compromised? :	False
ASN:	AS13335 CLOUDFLARENET
Country:	US
First seen:	2024-12-12 19:47:53 UTC
Last seen:	never
UUID:	3d411835-b89e-11ef-91ae-42010aa4000a
Reporter	johannes
Reward	5 credits from ThreatFox
Tags:	Wipbot
Reference:	https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/

johannes

KazuarV2 C2 Secret Blizzard June, from the Microsoft report "Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine". See all IOC from that report at https://rosti.bin.re/reports/GcSswmyc