ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 194.5.97.207:3259.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 236159 |
|---|---|
| IOC: | 194.5.97.207:3259 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Nanocore RAT |
| Malware alias: | Nancrat, NanoCore |
| Confidence Level : | Confidence level is high (100%) |
| ASN: | AS149020 WEBHORIZON-AS-AP |
| Country: |  IN |
| First seen: | 2021-10-21 12:24:33 UTC |
| Last seen: | never |
| UUID: | d8e317a6-3269-11ec-a35f-42010aa4000a |
| Reporter |  AndreGironda |
| Reward | 5 credits from ThreatFox |
| Tags: | NanoCore |
| Reference: | https://tria.ge/211021-pa47zsacc6 |
AndreGironda
MITRE T1566.001Date: Wed, 20 Oct 2021 02:00-02:30 -0700
Received: from funny-lovelace.213-238-182-77.plesk.page (213.238.182.77)
MIME-Version: 1.0
From: ORS <salesors@ors.com.tr>
To: undisclosed-recipients:;
Subject: Re: ORS-SK202-8 #YN12-60387
Reply-To: info@cikolatashop.net
User-Agent: Roundcube Webmail/1.4.11
Message-ID: <1f059d9589d7f0e42d66223f06929f66@ors.com.tr>
X-Sender: salesors@ors.com.tr
Content-Type: multipart/mixed; boundary="=_2b60509de507d00b18b9e69896681def"
Return-Path: salesors@ors.com.tr
Attachment Name: SK202-8 #YN12-60387.r00
Attachment SHA256: 0af048ced820966772ab5aed9d870fe1e8c2781a3cea94850628d4ea557c0248
RAR_Encapsulated_Executable Name: SK202-8 #YN12-60387.exe
Executable SHA256: 301cd4c375459544240e253b5f1fea9e0688d7d1770c69bb06dd9408960543e9
Unpacked Nanocore Executable SHA256: cba624754d7eefed09cf0e1fad56e5b8c2c2682e1ff72e838e09204fc578d62f
Unpacked nanocore_surveillance_plugin Executable SHA256: 01e3b18bd63981decb384f558f0321346c3334bb6e6f97c31c6c95c4ab2fe354
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2021-11-17 03:46:31 | 08192d74bf3c93bcf4fab4a19c3ea505d36a9a8f9cb63af6ae7d8a1e741b276e |