ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://doc.eagle-web-concept.fr/matin/rend.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1836760
IOC: https://doc.eagle-web-concept.fr/matin/rend
IOC Type :url
Threat Type :payload_delivery
Malware: Unknown malware
Confidence Level : Confidence level is elevated (75%)
Is compromised? : True
ASN:AS50474 O2SWITCH
Country:- FR
First seen:2026-06-24 09:14:11 UTC
Last seen:never
UUID:e191749d-6faa-11f1-97fa-42010aa4000a
Reporter Decio1
Reward 5 credits from ThreatFox
Tags:powershell vbs

Avatar
Decio1
German invoice-themed VBS payload delivery URL. The downloaded .vbs sample sample is named "RE0039092-0300290-00390 Rechnung DE0039002-R.vbs"

Execution chain observed: wscript.exe -> hidden powershell.exe with ExecutionPolicy Bypass -> Base64 decode -> GZip decompression -> in-memory .NET assembly loading via [Reflection.Assembly]::Load() -> invocation of [Fiber.Program]::Main(...).