ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://cont302901.bounceme.net/g2/.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:231124
IOC: https://cont302901.bounceme.net/g2/
IOC Type :url
Threat Type :botnet_cc
Malware: Mispadu
Malware alias:URSA
Confidence Level : Confidence level is high (100%)
Is compromised? : False
First seen:2021-10-06 23:38:30 UTC
Last seen:never
UUID:82fd21d0-26fe-11ec-a35f-42010aa4000a
Reporter AndreGironda
Reward 5 credits from ThreatFox
Tags:Mispadu URSA trojan
Reference: https://bazaar.abuse.ch/sample/ca192d789bf546a62c05a5a5a0e14fad486b5d8165c974a2deeceb47999883a7/

Avatar
AndreGironda
MITRE T1566.001
Date: Wed, 6 Oct 2021 16:00-19:30 +0000
Received: from nubia28.mklamail.com (185.66.91.193)
Subject: Factura 3165
From: 630833 westco <nubia63046@nubia28.mklamail.com>
Reply-To: 630833 westco <nubia63046@nubia28.mklamail.com>
Message-ID: <ffc55e48b3def2689f369099f7fd1e16@185.66.91.193>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_ffc55e48b3def2689f369099f7fd1e16"
Return-Path: nubia63046@nubia28.mklamail.com
Malicious URL: hXXp://tiny[.]cc/FACT1001
Malicious URL Redirect: hXXps://bbuseruploads.s3.amazonaws[.]com/8be94966-db45-452c-99fe-7edefd0f3d5a/downloads/cd4ef73c-f05a-4b3d-97a8-b50d32908892/FAC-K48G0.html?Signature=K%2BLzt5dRlcpVY6Wt0Conlp87Q5U%3D&Expires=1633542613&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=VoLww7uL8YSRrr09MhKnFTfQZYUdIaJa&response-content-disposition=attachment%3B%20filename%3D%22FAC-K48G0.html%22
HTML_HighAscii_Phish Filename: FAC-K48G0.html
HTML_HighAscii_Phish (HTML Smuggling) File SHA256: 3e3e349be2d2d0b4cafed2f47c20f5064104634cee8e56c827dc414ca27085f9
Malicious Zipfile Name: FAC-K48G092508161.zip
Malicious ZIP_Dropper_ManifestDestiny SHA256: f4ea89a0097cd289dea97f43a5e248fd039480b4cfa457348ca243adb9462131
Mispadu VBS Name: Fac-FKLLD30490J.vbs
Mispadu VBS SHA256: ca192d789bf546a62c05a5a5a0e14fad486b5d8165c974a2deeceb47999883a7
Unpacked Mispadu VBS Filename: ggj10.vbs
Unpacked Mispadu VBS SHA256: 8778ec8e436ceabd8159e26412ccb57bbdefc6bb8ce48916bc37ed5c7b214ed4