ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://se.tsukivpn.ru:443/.

Database Entry


IOC ID: 1776379
IOC: https://se.tsukivpn.ru:443/
IOC Type: url
Threat Type: botnet_cc
Malware: Cobalt Strike
Malware alias: Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level: Moderate (50%)
Is compromised?: False
First seen: 2026-03-26 06:49:42 UTC
Last seen: never
UUID: 41411288-287b-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: AI-lure, heavens-gate, reflective-loader, sni-spoofing

Lenny_3BO
C2 domain resolving to 185.177.239.255. Custom reflective PE implant from AI-themed HTA campaign (Claude/Manus/JetBrains lures). TLS SNI=facebook.com. NOT CobaltStrike, family used as placeholder for unknown custom framework.