ThreatFox IOC Database

You are viewing the ThreatFox database entry for the URL http://www.corbvalperu.com/m8g0/.

Database Entry


IOC ID: 221837
IOC: http://www.corbvalperu.com/m8g0/
IOC Type: url
Threat Type: botnet_cc
Malware: Formbook
Malware alias: win.xloader
Confidence Level: Confidence level is high (100%)
First seen: 2021-09-14 16:55:09 UTC
Last seen: never
UUID: 85495a20-157c-11ec-830d-42010aa4000a
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: Formbook
Reference: https://tria.ge/210914-t6dgcsbabp/

Twitter
@AndreGironda
MITRE T1566.001
Date: 14 Sep 2021 14:30-15:00 +0200
Received: from mail0.cyborgit.net (165.22.242.85)
From: Flora James <info@cyborgit.net>
Message-ID: <20210914144941.0C3E3C829FA73CD2@cyborgit.net>
Attachment Name: SALAMATH EXPORTS.docx
Attachment SHA256: 32cfaa88c450f72627f502fa72b50b21c3ae2d0199eebbd9f3f750945521678a
Workbook Stage URL: hXXp://198[.]46.199.161/dom/d[.]wbk
Executable Stage URL: hXXp://198[.]46.199.161/dom/win32[.]exe
Stage SHA256: f8d239a08e27c28f5a5dea56ab895274476ae7360d5d456d89b58d33a392d49c
Unpacked Stage SHA256: 748f7124adf6f7a719b3bbd83d47849ebc4cb07e9da6acdee28f8a7b63322ba6