ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 40.88.44.226:2223.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2025-12-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| Field | Value |
|---|---|
| IOC ID: | 237942 |
| IOC: | 40.88.44.226:2223 |
| IOC Type: | ip:port |
| Threat Type: | botnet_cc |
| Malware: | BitRAT |
| Confidence Level: | Confidence level is high (100%) |
| ASN: | AS8075 MICROSOFT-CORP-MSN-AS-BLOCK |
| Country: | US |
| First seen: | 2021-10-27 00:44:03 UTC |
| Last seen: | never |
| UUID: | fba53391-36be-11ec-8ab6-42010aa4000a |
| Reporter: | AndreGironda |
| Reward: | 5 credits from ThreatFox |
| Tags: | BitRAT xenarmor |
| Reference: | https://tria.ge/211027-ancmkaadg2 |
Reporter comment:
MITRE T1566.001
Date: Wed, 27 Oct 2021 02:00-02:30 +0800
Received: from spspread4.n5yasc0oku5ejawr0cbiurxvmb.jx.internal.cloudapp.net (unknown [13.84.135.203])
Received-SPF: pass (sweet-nightingale.185-176-221-70.plesk.page: connection is authenticated)
Content-Type: multipart/mixed; boundary="===============1903492875=="
MIME-Version: 1.0
Subject: Pending delivery
To: Recipients <sopue@mhhl.com>
From: "DHL Customer Service"<sopue@mhhl.com>
Message-ID: <9fcdeca1-1f57-4552-81c1-7010311750ee@DM6NAM11FT057.eop-nam11.prod.protection.outlook.com>
Return-Path: sopue@mhhl.com
Attachment Name: files000289.img
Attachment powerdrinkers_and_powerisos SHA256: 67c20680218a6e7a0f55f1fae46bc9feec46929789f9d59a70ac5fc3510b32a8
UDF_Encapsulated_Executable Name: Raxcfqvsntmlqvhbxqrivoifsqoentpung.exe
Executable SHA256: 337be63dd8d9e3f24e72c8637a4859a3270e0a6f98df3fdd1e269d632651d893
Unpacked TempleLoader (DbatLoader-NG) DLL SHA256: e232e1cd61ca125fbb698cb32222a097216c83f16fe96e8ea7a8b03b00fe3e40
Stage URL: hXXps://cdn.discordapp[.]com/attachments/897181828421656630/902605094976106558/Raxcfqvsntmlqvhbxqrivoifsqoentp
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2021-10-27 14:51:07 | 93b7a518e97ad29f0c71d0af14a8e1f0db10564300bdeee1d71a2490d34615cc | |